354300x8000000000000000492864Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:49.808{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-24941-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492863Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:49.491{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23675-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492862Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:49.210{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-17633-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492861Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:48.850{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-32471-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492865Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:50.161{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-26883-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492871Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:52.756{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39242-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492870Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:52.679{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-38171-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492869Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:52.436{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37922-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492868Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:52.048{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-29256-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492867Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:50.477{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-40023-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492866Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:50.476{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-28706-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492876Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:54.057{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-41003-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492875Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:53.932{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-54553-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492874Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:53.331{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-39446-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492873Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:53.318{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-52054-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492872Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:53.067{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-40758-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492878Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:54.848{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-40908-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492877Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:54.802{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-42081-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492879Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:55.027{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-51151-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 11241100x8000000000000000492884Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostDefaultUserModified2021-04-28 08:40:00.245{ED2ECF8A-A73A-6088-1C46-00000000BB01}2820C:\Program Files\MinerGate\minergate.exeC:\Users\DefaultAccount\AppData\Local\minergate\miners.ini.sg28202021-04-28 08:40:00.230 11241100x8000000000000000492883Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostDefaultUserModified2021-04-28 08:40:00.230{ED2ECF8A-A73A-6088-1C46-00000000BB01}2820C:\Program Files\MinerGate\minergate.exeC:\Users\DefaultAccount\AppData\Local\minergate\miners.ini.lock2021-04-28 08:40:00.230 354300x8000000000000000492882Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:56.116{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-43827-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492881Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:55.488{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-42901-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492880Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:55.342{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-52901-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492886Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:56.782{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-7715-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492885Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:56.735{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-44954-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492891Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:58.092{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-47415-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492890Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:57.708{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-52728-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492889Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:57.430{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-46114-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492888Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:57.389{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-10230-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492887Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:57.278{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-3584-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492893Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:58.910{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-57629-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492892Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:58.320{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-55277-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492895Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:59.514{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-1217-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492894Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:39:59.207{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-13298-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492898Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:01.158{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23357-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492897Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:00.778{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-24769-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492896Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:00.201{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-22131-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492902Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:02.964{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-15205-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492901Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:02.348{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-12771-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492900Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:01.841{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-53287-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492899Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:01.591{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-25118-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492905Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:03.705{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-36735-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492904Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:03.593{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-17905-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492903Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:03.522{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-34652-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492908Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:06.525{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-48499-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492907Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:06.488{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-29662-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492906Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:05.522{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-45208-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492909Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:07.108{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-51065-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492913Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:08.277{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-57659-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492912Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:07.968{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-55806-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492911Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:07.856{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-3905-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492910Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:07.715{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-53365-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492919Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:09.893{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-7281-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492918Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:09.346{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-41466-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492917Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:09.261{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-6237-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492916Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:08.906{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-2800-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492915Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:08.586{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-59754-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492914Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:08.549{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-5261-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492920Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:09.962{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-43968-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492923Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:10.875{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-12644-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492922Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:10.565{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-46400-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492921Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:10.507{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-6375-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492926Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:11.648{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-15666-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492925Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:11.327{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-13935-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492924Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:11.170{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-48997-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191185Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:40:14.569{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in63443-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000492933Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:13.482{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-12823-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492932Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:13.269{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-17810-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492931Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:12.907{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21816-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492930Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:12.591{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-20258-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492929Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:12.279{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-19065-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492928Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:11.963{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-17280-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492927Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:11.782{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-51267-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492935Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:14.160{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-13952-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492934Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:13.871{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-20016-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492941Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:15.534{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-35886-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492940Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:15.229{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-6512-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492939Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:15.226{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-34161-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492938Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:14.918{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-32224-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492937Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:14.800{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-15209-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492936Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:14.642{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-4123-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492944Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:16.725{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-32267-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492943Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:16.408{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-11446-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492942Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:15.823{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-8941-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492946Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:17.339{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-34857-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492945Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:17.006{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-13743-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492952Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:18.344{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-20800-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492951Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:18.322{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-49130-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492950Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:18.206{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-18703-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492949Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:18.009{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-47329-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492948Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:17.697{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-45888-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492947Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:17.613{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-16395-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492953Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:18.974{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-21884-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492959Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:21.015{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-30279-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492958Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:20.702{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-48896-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492957Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:20.589{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-1856-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492956Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:20.277{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-59149-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492955Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:20.118{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-46473-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492954Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:19.697{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-23069-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492963Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:21.741{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-7036-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492962Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:21.425{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-5574-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492961Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:21.284{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-51337-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492960Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:21.106{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-3211-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492965Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:22.482{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-56367-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492964Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:21.883{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-53890-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492966Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:23.697{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-16076-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492969Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:24.802{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-31265-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492968Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:24.089{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-30092-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492967Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:23.879{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-42030-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492972Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:25.668{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-25994-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492971Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:25.468{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-32299-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492970Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:25.312{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-9286-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492974Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:26.711{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-53814-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492973Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:26.097{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-33301-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492976Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:27.742{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-35194-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492975Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:27.319{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-56113-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492978Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:28.237{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-21275-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492977Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:27.933{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-58824-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492980Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:29.615{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-39034-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492979Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:28.816{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-23877-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492981Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:29.691{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-44724-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492985Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:31.644{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-54325-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492984Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:31.578{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-35318-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492983Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:31.320{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-13708-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492982Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:30.750{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-11288-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492988Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:32.588{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-58887-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492987Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:32.269{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-57535-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492986Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:31.957{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-56200-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000191204Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:37.980{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191203Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:37.980{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191202Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:37.980{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191201Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:37.980{CCAA35FA-8EBB-6086-0B00-00000000BA01}5884144C:\Windows\system32\lsass.exe{CCAA35FA-8EB9-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000191200Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:37.870{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191199Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:37.870{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191198Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:37.870{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191197Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:37.870{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191196Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:37.870{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191195Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:37.870{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191194Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:37.870{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191193Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:37.870{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191192Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:37.870{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191191Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:37.870{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191190Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:37.870{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191189Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:37.870{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191188Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:37.870{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191187Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:37.870{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191186Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:37.870{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000492989Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:33.258{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-44699-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492993Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:34.857{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-11952-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492992Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:34.540{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-10188-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492991Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:34.377{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-46868-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492990Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:34.128{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-25119-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492995Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:35.482{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-15722-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492994Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:35.170{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-13720-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492997Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:37.018{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-37104-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492996Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:36.869{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-50596-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493001Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:38.040{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-27631-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493000Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:37.724{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-25853-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492999Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:37.608{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-39498-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000492998Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:37.234{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-59008-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493002Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:38.356{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-29321-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493006Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:40.470{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-56427-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493005Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:40.402{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-50758-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493004Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:40.318{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39541-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493003Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:40.032{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-11745-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191208Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:40:42.553{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in28871-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 10341000x8000000000000000191207Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:45.027{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1500-00000000BA01}1208C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191206Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:45.027{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1500-00000000BA01}1208C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191205Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:40:45.027{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1500-00000000BA01}1208C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000493010Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:42.102{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.165.16.34-15298-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493009Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:41.640{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-55905-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493008Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:41.044{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-53278-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493007Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:40.631{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-40913-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493011Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:42.473{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.165.16.34-15605-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493012Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:42.818{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-23203-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493013Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:43.969{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-2940-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493014Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:44.422{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-8342-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493015Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:45.600{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-34732-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493016Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:47.195{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-19490-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493018Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:48.356{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-46311-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493017Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:48.303{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-9350-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493019Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:50.073{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-31154-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493020Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:51.113{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-57817-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493021Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:52.921{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-42963-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493022Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:53.990{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-10552-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493023Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:54.839{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-20825-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493026Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:56.823{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-22737-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493025Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:55.697{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-54116-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493024Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:55.649{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-56140-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493027Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:57.803{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-6954-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493028Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:58.564{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-6825-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493031Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:00.227{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-29057-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493030Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:59.812{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-17247-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493029Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:40:59.642{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-34643-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493034Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:02.451{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-46384-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493033Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:01.894{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-27733-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493032Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:01.443{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-18590-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493037Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:04.283{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-30322-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493036Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:03.900{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-34891-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493035Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:03.858{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37431-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493040Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:05.485{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-35198-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493039Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:05.221{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-58135-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493038Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:04.878{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-32862-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493045Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:06.519{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-50526-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493044Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:06.203{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-48566-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493043Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:06.103{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-37821-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493042Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:05.811{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-47377-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493041Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:05.800{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-1522-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493048Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:07.647{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-40302-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493047Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:07.299{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-42680-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493046Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:06.697{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-40286-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000493076Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493075Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493074Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493073Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493072Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493071Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493070Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493069Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493068Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493067Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493066Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493065Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493064Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493063Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493062Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493061Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493060Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493059Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493058Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493057Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493056Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493055Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493054Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493053Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493052Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:41:12.800{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000493051Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:08.580{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-13313-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493050Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:08.483{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-1318-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493049Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:08.256{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-42850-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191209Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:41:10.527{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in25429-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000493078Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:09.175{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-15839-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493077Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:09.053{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-43336-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493081Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:10.434{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-11514-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493080Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:10.133{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-54452-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493079Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:10.091{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-44303-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493085Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:11.385{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-46426-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493084Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:11.339{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-59380-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493083Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:10.731{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-56912-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493082Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:10.707{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-45762-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493088Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:12.085{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-48211-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493087Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:11.978{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-27674-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493086Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:11.932{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-2838-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493095Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:13.887{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-28251-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493094Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:13.756{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-50884-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493093Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:13.571{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-26784-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493092Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:13.254{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-24978-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493091Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:13.085{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-49374-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493090Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:12.939{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23257-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493089Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:12.628{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21799-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493100Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:14.744{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-39315-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493099Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:14.742{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-14322-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493098Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:14.520{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-31387-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493097Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:14.428{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-51201-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493096Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:14.204{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-29904-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493104Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:15.845{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-54150-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493103Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:15.350{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-41716-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493102Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:15.027{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-52647-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493101Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:14.836{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-32865-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493107Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:16.818{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-42877-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493106Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:16.526{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-46734-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493105Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:15.936{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-44286-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493112Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:17.732{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-51750-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493111Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:17.554{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-25877-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493110Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:17.457{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-45394-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493109Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:17.137{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-43866-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493108Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:17.135{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-49160-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493116Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:18.724{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-52368-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493115Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:18.411{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-50936-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493114Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:18.092{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-49207-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493113Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:17.776{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-47280-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493117Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:19.040{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53547-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493119Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:20.538{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-4571-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493118Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:20.295{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-37167-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493124Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:21.959{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-9047-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493123Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:21.647{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-7908-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493122Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:21.325{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-6147-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493121Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:21.006{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-4587-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493120Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:20.979{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-3245-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493125Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:22.270{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-10528-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493128Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:23.966{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-18830-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493127Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:23.346{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-16263-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493126Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:23.122{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-48761-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493131Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:24.537{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-22052-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493130Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:24.511{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-8616-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493129Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:24.216{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-20569-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493132Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:24.857{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23787-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493135Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:25.989{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-1832-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493134Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:25.893{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-10526-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493133Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:25.154{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-9727-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493140Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:27.201{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-6831-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493139Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:27.128{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-34861-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493138Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:26.815{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-33741-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493137Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:26.789{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-30590-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493136Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:26.596{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-3956-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493143Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:27.798{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-9161-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493142Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:27.442{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-36235-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493141Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:27.378{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-33133-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493144Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:28.391{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-11701-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493145Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:29.407{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-46178-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493148Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:31.169{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-23010-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493147Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:31.124{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-19390-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493146Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:30.152{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-45021-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493151Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:31.946{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-20559-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493150Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:31.693{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-57460-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493149Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:31.373{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-56226-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191210Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:41:34.503{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.144.225.67-50999-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 10341000x8000000000000000191211Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:41:38.861{CCAA35FA-8EBD-6086-0D00-00000000BA01}8444756C:\Windows\system32\svchost.exe{CCAA35FA-8EBE-6086-1600-00000000BA01}1252C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000493155Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:33.992{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-34611-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493154Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:33.650{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-8397-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493153Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:33.538{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-59073-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493152Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:32.910{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-56585-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493166Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:35.466{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-26298-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 13241300x8000000000000000493165Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:41:39.192{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000493164Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:41:39.192{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x09ecbe0d) 13241300x8000000000000000493163Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:41:39.192{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c01-0xec2588b1) 13241300x8000000000000000493162Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:41:39.192{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0a-0x4de9f0b1) 13241300x8000000000000000493161Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:41:39.192{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c12-0xafae58b1) 13241300x8000000000000000493160Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:41:39.192{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000493159Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:41:39.192{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x09ecbe0d) 13241300x8000000000000000493158Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:41:39.192{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c01-0xec2588b1) 13241300x8000000000000000493157Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:41:39.192{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0a-0x4de9f0b1) 13241300x8000000000000000493156Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:41:39.192{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c12-0xafae58b1) 354300x8000000000000000493168Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:36.418{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-12299-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493167Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:36.098{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-27267-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493170Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:37.036{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-14848-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493169Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:36.840{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-46188-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191212Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:41:38.544{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in3440-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000493171Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:37.626{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-17376-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493176Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:39.770{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-58185-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493175Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:39.580{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-32852-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493174Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:38.988{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-34908-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493173Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:38.671{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-18876-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493172Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:38.200{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-19840-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493178Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:40.379{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-1851-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493177Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:40.197{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-33921-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493181Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:40.984{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-4249-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493180Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:40.950{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-31281-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493179Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:40.948{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-44932-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493185Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:42.239{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-9358-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493184Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:42.124{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-36308-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493183Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:41.596{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-6728-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493182Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:41.534{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-33832-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493189Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:43.477{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-14489-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493188Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:43.203{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-55823-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493187Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:42.885{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-54519-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493186Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:42.858{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-12009-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493191Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:44.146{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-17131-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493190Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:43.866{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-40003-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493195Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:45.520{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-7617-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493194Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:45.382{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-22338-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493193Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:44.936{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-47990-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493192Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:44.780{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-19914-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493196Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:45.970{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-24861-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493198Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:47.721{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-59667-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493197Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:47.562{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-45705-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493200Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:48.744{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-36202-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493199Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:48.348{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-3372-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493202Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:51.523{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-47602-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493201Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:51.204{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-15490-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 13241300x8000000000000000191215Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:41:56.892{CCAA35FA-8ECB-6086-2200-00000000BA01}2260C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\BD98497A-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_BD98497A-0000-0000-0000-100000000000.XML 13241300x8000000000000000191214Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:41:56.892{CCAA35FA-8ECB-6086-2200-00000000BA01}2260C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EE435297-3B6E-4E37-882A-1C68A89E63E6\Config SourceDWORD (0x00000001) 13241300x8000000000000000191213Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:41:56.892{CCAA35FA-8ECB-6086-2200-00000000BA01}2260C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EE435297-3B6E-4E37-882A-1C68A89E63E6\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_EE435297-3B6E-4E37-882A-1C68A89E63E6.XML 354300x8000000000000000493203Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:52.831{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-54151-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493205Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:54.345{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-59159-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493204Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:54.002{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-27154-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493206Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:56.783{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-39056-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493208Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:57.617{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-2929-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493207Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:57.134{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-11860-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493210Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:59.893{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-23121-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493209Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:41:59.550{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-50525-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 11241100x8000000000000000493213Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostDefaultUserModified2021-04-28 08:42:05.726{ED2ECF8A-A73A-6088-1C46-00000000BB01}2820C:\Program Files\MinerGate\minergate.exeC:\Users\DefaultAccount\AppData\Local\minergate\miners.ini.yr28202021-04-28 08:42:05.726 11241100x8000000000000000493212Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostDefaultUserModified2021-04-28 08:42:05.710{ED2ECF8A-A73A-6088-1C46-00000000BB01}2820C:\Program Files\MinerGate\minergate.exeC:\Users\DefaultAccount\AppData\Local\minergate\miners.ini.lock2021-04-28 08:42:05.710 354300x8000000000000000493211Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:00.518{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-22780-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493215Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:02.449{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-3729-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493214Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:01.474{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-9023-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493218Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:04.562{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-42885-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493217Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:02.731{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-34820-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493216Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:02.615{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-33154-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493221Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:05.558{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-46458-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493220Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:05.247{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-15385-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493219Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:05.190{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-15064-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191216Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:42:06.596{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in26846-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000493222Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:06.706{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-52895-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493226Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:08.653{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-3645-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493225Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:08.628{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-20591-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493224Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:08.393{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-58007-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493223Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:08.089{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-27373-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493229Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:11.251{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-10666-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493228Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:10.921{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-39091-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493227Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:10.599{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-13736-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493232Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:12.878{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-25135-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493231Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:12.564{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23529-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493230Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:12.238{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-26565-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493234Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:14.071{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-22405-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493233Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:13.739{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-50877-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493237Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:14.968{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-55943-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493236Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:14.842{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-34885-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493235Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:14.338{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-53226-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493240Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:16.881{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-33793-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493239Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:15.645{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-38645-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493238Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:15.322{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37104-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493245Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:18.258{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-51387-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493244Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:17.937{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-50113-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493243Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:17.883{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-9224-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493242Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:17.617{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-48626-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493241Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:17.499{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-36349-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493249Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:19.394{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-37740-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493248Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:18.772{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-36535-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493247Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:18.582{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-52920-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493246Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:18.472{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-11635-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493251Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:20.344{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-47981-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493250Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:20.046{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-39063-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493255Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:21.232{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-23235-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493254Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:21.158{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-7014-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493253Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:20.949{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-50379-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493252Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:20.843{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-5716-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493260Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:22.759{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-57838-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493259Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:22.404{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-27940-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493258Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:22.165{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-55406-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493257Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:21.823{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-25597-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493256Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:21.564{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-52821-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493262Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:23.134{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-16010-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493261Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:23.006{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-30392-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493268Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:24.096{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-20644-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493267Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:23.963{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-3799-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493266Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:23.953{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-45171-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493265Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:23.774{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-18974-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493264Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:23.455{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-17554-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493263Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:23.365{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-1232-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493272Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:25.391{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-47218-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493271Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:25.187{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-8721-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493270Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:24.628{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-46476-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493269Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:24.570{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-6228-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493275Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:26.073{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-48468-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493274Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:26.067{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-30966-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493273Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:25.826{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-42237-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493279Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:28.078{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-20514-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493278Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:28.008{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-40779-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493277Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:27.346{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-50695-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493276Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:26.702{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-49794-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493280Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:28.632{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-54075-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493282Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:29.263{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-25468-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493281Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:28.675{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-23092-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493284Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:29.998{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-50743-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493283Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:29.873{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-27920-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493286Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:31.329{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-6374-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493285Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:30.724{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-56051-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493289Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:32.713{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-39772-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493288Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:32.105{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-1592-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493287Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:31.914{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-8773-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493291Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:34.709{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-20759-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493290Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:34.037{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-11184-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191217Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:42:34.632{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in42039-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000493295Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:36.171{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-5668-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493294Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:36.156{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-53748-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493293Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:36.019{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21512-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493292Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:35.554{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-51231-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493296Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:36.755{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-55998-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493299Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:37.629{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-8198-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493298Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:37.534{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-32576-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493297Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:36.924{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-7002-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493303Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:38.608{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-33941-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493302Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:38.322{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-9658-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493301Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:38.288{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-32795-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493300Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:37.967{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-31233-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493306Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:39.771{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-11622-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493305Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:39.586{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-8931-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493304Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:39.054{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-10403-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493309Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:40.944{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-46974-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493308Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:40.424{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-12503-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493307Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:40.342{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-44347-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493313Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:41.808{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-50347-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493312Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:41.532{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-49349-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493311Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:41.492{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-48874-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493310Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:41.176{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-47369-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493316Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:42.369{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-20493-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493315Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:42.128{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-51853-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493314Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:42.118{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-52073-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493325Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:44.784{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-30352-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493324Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:44.701{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-19802-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493323Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:44.700{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-6207-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493322Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:44.382{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-4366-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493321Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:44.196{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-27972-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493320Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:44.066{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-2620-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493319Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:44.052{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-18522-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493318Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:43.587{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-25405-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493317Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:42.969{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-22880-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493330Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:45.849{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-12073-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493329Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:45.646{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-7599-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493328Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:45.525{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-9787-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493327Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:45.017{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-7800-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493326Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:44.973{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-4836-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493332Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:46.239{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-10299-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493331Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:46.159{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-13417-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493337Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:48.121{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23301-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493336Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:48.045{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-17743-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493335Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:47.576{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-41666-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493334Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:47.437{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-15143-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493333Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:46.834{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-12620-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493340Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:48.993{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-26318-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493339Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:48.754{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-26109-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493338Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:48.439{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-24657-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493342Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:49.651{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-27429-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493341Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:49.066{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-27830-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493347Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:51.049{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-56341-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493346Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:51.027{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37768-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493345Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:50.852{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-29367-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493344Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:50.447{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-53630-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493343Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:50.295{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-28184-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493348Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:51.644{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-58650-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493351Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:52.989{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-47362-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493350Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:52.868{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-4774-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493349Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:52.259{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-2250-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493354Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:53.829{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-34185-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493353Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:53.655{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-41122-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493352Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:53.304{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-49152-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 13241300x8000000000000000191227Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:42:59.660{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000191226Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:42:59.660{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a07c732) 13241300x8000000000000000191225Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:42:59.660{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c02-0x1c13f98d) 13241300x8000000000000000191224Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:42:59.660{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0a-0x7dd8618d) 13241300x8000000000000000191223Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:42:59.660{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c12-0xdf9cc98d) 13241300x8000000000000000191222Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:42:59.660{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000191221Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:42:59.660{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a07c732) 13241300x8000000000000000191220Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:42:59.660{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c02-0x1c13f98d) 13241300x8000000000000000191219Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:42:59.660{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0a-0x7dd8618d) 13241300x8000000000000000191218Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:42:59.660{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c12-0xdf9cc98d) 354300x8000000000000000493360Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:55.871{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-37545-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493359Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:55.701{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-16484-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493358Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:55.266{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-58934-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493357Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:55.195{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-36439-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493356Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:54.503{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-35104-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493355Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:54.254{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-43707-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493364Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:57.342{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-9492-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493363Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:57.097{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-55741-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493362Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:56.908{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-21453-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493361Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:56.304{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-18933-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493368Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:58.281{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-1710-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493367Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:57.689{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-58276-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493366Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:57.659{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-11309-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493365Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:57.499{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-23842-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493370Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:59.390{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-43231-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493369Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:58.889{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-4266-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493374Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:00.332{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-35375-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493373Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:00.258{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-24867-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493372Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:59.941{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23386-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493371Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:42:59.632{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21391-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191228Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:43:02.631{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in64292-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000493377Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:01.430{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-30569-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493376Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:01.045{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-28267-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493375Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:00.727{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-26803-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493378Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:01.738{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-16287-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493381Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:03.381{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-40019-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493380Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:03.285{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-49278-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493379Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:03.206{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-47104-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493383Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:03.990{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-50540-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493382Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:03.702{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-41426-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493384Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:04.472{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-27691-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493388Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:06.417{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-55072-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493387Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:06.099{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53569-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493386Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:06.056{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-58712-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493385Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:05.782{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-52121-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493391Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:07.279{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-4882-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493390Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:07.224{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-39189-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493389Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:06.675{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-2335-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493396Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:08.500{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-9784-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493395Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:08.379{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-5409-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493394Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:08.332{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-57268-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493393Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:07.871{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-7235-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493392Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:07.659{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-56206-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493426Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:09.989{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-50715-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000493425Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493424Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493423Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493422Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493421Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493420Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493419Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493418Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493417Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493416Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493415Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493414Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493413Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493412Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493411Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493410Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493409Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493408Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493407Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493406Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493405Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493404Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493403Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493402Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493401Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:13.806{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000493400Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:09.718{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-14815-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493399Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:09.103{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-12406-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493398Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:09.047{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-8221-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493397Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:08.696{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-6600-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493428Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:10.579{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-53260-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493427Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:10.308{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-17442-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493430Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:11.180{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-55747-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493429Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:11.020{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-18499-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493433Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:12.372{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-1790-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493432Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:12.033{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-4386-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493431Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:11.779{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-58192-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493437Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:13.614{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-30677-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493436Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:13.454{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-6441-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493435Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:13.014{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-28478-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493434Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:12.721{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-5476-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493438Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:14.225{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-33317-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493439Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:15.160{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-13314-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493440Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:16.082{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-28253-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 13241300x8000000000000000191229Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:43:20.482{CCAA35FA-8EBD-6086-1100-00000000BA01}324C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d73c0a-0x8aafaeb8) 354300x8000000000000000493444Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:17.654{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-47502-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493443Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:17.572{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-13285-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493442Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:17.056{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-45085-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493441Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:16.909{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-12227-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493450Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:18.681{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-56509-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493449Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:18.557{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-27706-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493448Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:18.359{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-55427-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493447Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:18.289{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-14588-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493446Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:18.045{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53850-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493445Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:17.964{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-25318-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493453Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:19.749{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-32719-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493452Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:19.160{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-30135-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493451Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:18.994{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-58196-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493456Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:20.915{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-37577-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493455Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:20.445{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-58958-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493454Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:20.326{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-35149-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493462Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:21.878{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-20313-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493461Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:21.657{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-4989-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493460Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:21.543{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-39939-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493459Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:21.469{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-11732-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493458Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:21.151{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-9463-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493457Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:21.054{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-2566-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493464Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:22.617{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-21497-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493463Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:22.276{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-7655-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493469Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:23.745{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-22219-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493468Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:23.479{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-12649-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493467Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:23.424{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-20906-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493466Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:23.308{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-22823-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493465Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:22.877{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-10033-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493473Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:24.663{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-17638-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493472Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:24.520{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-52620-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493471Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:24.082{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-15130-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493470Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:24.067{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23404-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493479Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:26.736{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-36745-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493478Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:26.455{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-24574-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493477Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:26.421{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-35134-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493476Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:26.106{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-33308-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493475Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:25.854{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-22380-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493474Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:25.246{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-19931-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493485Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:27.661{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-29716-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493484Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:27.360{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39319-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493483Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:27.345{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-5573-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493482Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:27.066{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-27305-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493481Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:27.050{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37941-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493480Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:26.848{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-28354-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493486Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:27.673{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-40920-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493488Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:28.842{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-34684-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493487Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:28.254{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-32226-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493492Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:30.151{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-17268-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493491Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:30.014{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-39430-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493490Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:29.650{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-50784-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493489Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:29.423{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-37179-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191230Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:43:30.659{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in53760-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000493495Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:30.977{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-34865-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493494Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:30.756{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-19739-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493493Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:30.301{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-33871-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493497Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:31.662{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-35821-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493496Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:31.612{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-1924-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493498Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:32.337{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-37080-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493502Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:34.332{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-15260-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493501Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:34.018{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-13564-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493500Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:33.630{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-31520-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493499Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:32.866{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-51176-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493503Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:34.648{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-16702-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493511Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:36.929{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-27943-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493510Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:36.617{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-26412-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493509Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:36.445{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-43484-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493508Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:36.019{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-43064-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493507Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:35.736{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-4168-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000493506Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:41.040{ED2ECF8A-9556-6086-0C00-00000000BB01}6848816C:\Windows\system32\svchost.exe{ED2ECF8A-9556-6086-1300-00000000BB01}648C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493505Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:41.040{ED2ECF8A-9556-6086-0C00-00000000BB01}6848760C:\Windows\system32\svchost.exe{ED2ECF8A-9556-6086-1300-00000000BB01}648C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493504Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:43:41.040{ED2ECF8A-9556-6086-0C00-00000000BB01}6848760C:\Windows\system32\svchost.exe{ED2ECF8A-9556-6086-1300-00000000BB01}648C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000493514Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:39.272{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-55347-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493513Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:38.880{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37211-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493512Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:38.512{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-15291-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493515Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:39.507{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-48687-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493517Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:41.469{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-27714-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493516Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:40.827{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-46883-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493518Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:42.065{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-8008-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493522Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:44.948{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-57550-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493521Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:44.890{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-19682-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493520Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:44.300{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-39277-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493519Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:43.007{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-56854-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493523Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:44.974{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-7572-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493525Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:46.232{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-59605-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493524Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:45.616{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-58385-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493531Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:47.781{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-53601-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493530Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:47.693{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-31366-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493529Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:47.586{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-20518-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493528Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:47.266{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-19360-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493527Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:47.192{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-51198-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493526Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:46.947{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-17622-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493533Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:48.377{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-56033-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493532Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:48.299{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-33693-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493537Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:49.878{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-32256-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493536Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:49.557{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-30510-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493535Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:48.977{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-58456-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493534Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:48.893{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-36381-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493538Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:50.194{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-33893-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493545Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:52.563{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-10702-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493544Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:52.451{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-44880-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493543Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:52.427{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-13326-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493542Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:52.136{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-43304-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493541Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:51.901{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-9342-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493540Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:51.813{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-11123-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493539Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:51.708{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-48152-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493553Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:54.034{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-52528-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493552Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:53.861{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-12770-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493551Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:53.715{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-50708-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493550Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:53.397{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-49058-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493549Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:53.231{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-11774-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493548Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:53.086{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-47398-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493547Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:53.043{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-16000-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493546Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:52.768{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-46031-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493556Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:54.548{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-59611-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493555Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:54.498{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-13917-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493554Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:54.350{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53946-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493559Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:55.733{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-5603-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493558Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:55.148{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-3259-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493557Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:55.136{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-14947-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493563Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:56.459{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-30025-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493562Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:56.310{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-4651-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493561Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:55.868{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-27659-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493560Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:55.796{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-15866-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493566Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:57.425{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-10211-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493565Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:57.102{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-8701-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493564Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:56.777{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-7002-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191231Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:43:58.669{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in5667-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000493567Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:58.491{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-17073-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493571Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:59.782{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21524-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493570Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:59.602{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-21978-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493569Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:59.410{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-19930-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493568Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:43:59.281{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-41691-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493573Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:00.231{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-22931-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493572Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:00.098{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-22990-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493576Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:02.318{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-54279-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493575Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:02.063{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-32890-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493574Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:01.591{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-29891-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493578Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:04.030{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-42649-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493577Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:03.875{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-28722-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493580Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:04.395{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-41879-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493579Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:04.388{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-44265-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191232Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:44:07.088{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse31.42.184.31dedicated.vsys.host50204-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000493583Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:05.766{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-9583-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493582Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:05.153{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-6921-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493581Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:04.974{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-44352-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 11241100x8000000000000000493585Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostDefaultUserModified2021-04-28 08:44:11.628{ED2ECF8A-A73A-6088-1C46-00000000BB01}2820C:\Program Files\MinerGate\minergate.exeC:\Users\DefaultAccount\AppData\Local\minergate\miners.ini.FH28202021-04-28 08:44:11.628 11241100x8000000000000000493584Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostDefaultUserModified2021-04-28 08:44:11.628{ED2ECF8A-A73A-6088-1C46-00000000BB01}2820C:\Program Files\MinerGate\minergate.exeC:\Users\DefaultAccount\AppData\Local\minergate\miners.ini.lock2021-04-28 08:44:11.628 354300x8000000000000000493589Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:07.759{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-55843-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493588Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:07.451{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-34466-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493587Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:06.828{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-55167-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493586Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:06.370{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-12081-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493595Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:09.767{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-26070-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493594Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:09.539{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-4413-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493593Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:09.163{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-23715-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493592Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:08.939{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-1882-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493591Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:08.817{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-6476-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493590Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:08.340{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-58351-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493598Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:10.799{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-16642-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493597Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:10.776{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-9561-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493596Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:10.158{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-7005-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493603Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:11.833{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21405-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493602Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:11.625{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-40986-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493601Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:11.447{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-19773-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493600Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:11.124{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-18423-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493599Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:10.944{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-40003-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493606Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:12.589{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-37773-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493605Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:12.331{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-42279-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493604Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:12.147{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-22999-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493610Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:14.104{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-32652-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493609Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:13.773{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-42597-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493608Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:13.622{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-21452-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493607Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:13.177{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-40165-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493617Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:15.042{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37346-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493616Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:14.995{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-47485-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493615Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:14.842{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-26480-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493614Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:14.733{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-35822-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493613Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:14.422{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-34472-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493612Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:14.382{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-45068-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493611Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:14.231{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-23899-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493621Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:15.985{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-42413-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493620Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:15.785{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-47749-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493619Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:15.668{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-40728-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493618Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:15.358{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39077-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493624Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:17.090{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-49879-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493623Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:16.466{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-48887-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493622Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:16.307{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-43970-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493631Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:18.776{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-56269-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493630Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:18.456{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-54490-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493629Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:18.431{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-2772-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493628Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:18.378{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-51791-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493627Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:17.838{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-59141-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493626Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:17.745{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-50858-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493625Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:17.687{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-38428-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493633Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:19.091{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-58236-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493632Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:19.070{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-53086-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493634Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:19.754{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-54065-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493636Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:20.701{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-55211-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493635Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:20.459{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-49947-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493641Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:22.860{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-58911-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493640Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:22.151{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-57647-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493639Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:21.356{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-56965-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493638Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:21.155{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-13739-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493637Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:21.042{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-9267-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493642Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:23.185{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-18851-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493646Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:23.973{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-25194-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493645Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:23.848{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-5154-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493644Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:23.500{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-20645-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493643Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:23.252{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-2666-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191233Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:44:26.688{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in8448-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000493651Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:25.784{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-32707-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493650Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:25.467{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-31159-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493649Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:25.196{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-30256-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493648Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:24.589{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-27735-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493647Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:24.443{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-7429-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493656Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:27.438{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-41344-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493655Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:27.244{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-19319-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493654Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:27.109{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-6877-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493653Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:26.401{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-5607-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493652Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:26.376{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-35055-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493659Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:27.835{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-21897-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493658Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:27.748{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-42719-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493657Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:27.746{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-8087-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493662Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:29.152{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-46262-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493661Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:29.034{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-27008-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493660Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:28.444{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-24361-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493665Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:30.366{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-51210-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493664Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:29.758{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-48835-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493663Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:29.700{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-52824-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493666Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:31.169{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-13875-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493672Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:32.933{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-10172-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493671Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:32.617{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-8602-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493670Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:32.297{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-7256-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493669Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:31.983{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-5499-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493668Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:31.868{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-14544-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493667Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:31.800{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-38312-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493674Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:33.243{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-3925-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493673Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:33.240{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-11924-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493675Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:33.839{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-6503-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493679Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:35.924{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-21126-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493678Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:35.230{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-20124-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493677Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:35.188{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21853-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493676Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:34.597{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-49952-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493681Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:36.670{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-17873-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493680Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:36.562{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-22360-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493682Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:37.149{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-31603-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493688Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:38.088{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-35479-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493687Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:38.050{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-5267-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493686Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:37.778{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-33972-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493685Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:37.465{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-32916-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493684Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:37.436{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-2988-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493683Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:37.282{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-20363-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493691Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:39.239{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-10434-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493690Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:38.658{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-7994-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493689Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:38.410{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37188-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493694Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:40.731{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-34365-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493693Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:40.147{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-27869-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493692Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:40.122{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-32018-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493697Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:41.998{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-21994-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493696Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:41.662{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-30046-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493695Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:40.919{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-28847-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493698Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:42.589{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-24354-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493702Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:44.035{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-6421-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493701Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:43.716{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-4774-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493700Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:43.574{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-45925-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493699Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:43.399{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-47393-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493703Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:44.355{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-7952-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493705Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:45.655{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-36446-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493704Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:45.421{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-36143-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493708Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:46.725{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-18583-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493707Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:46.306{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-57082-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493706Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:46.305{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-37400-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493713Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:47.717{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-24344-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493712Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:47.629{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-39723-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493711Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:47.396{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23547-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493710Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:47.070{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21785-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493709Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:47.001{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-38608-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493718Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:48.772{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-49956-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493717Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:48.663{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-28851-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493716Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:48.345{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-27161-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493715Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:48.186{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-47535-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493714Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:48.032{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-25396-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493720Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:49.379{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-52405-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493719Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:49.116{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-9684-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493724Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:50.920{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-40845-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493723Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:50.614{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39165-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493722Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:50.584{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-57519-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493721Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:49.982{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-54922-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493730Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:51.807{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-46502-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493729Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:51.798{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-3610-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493728Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:51.705{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-44240-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493727Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:51.382{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-42314-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493726Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:51.190{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-59964-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493725Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:51.188{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-45354-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493738Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:53.924{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-50193-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493737Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:53.802{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-28915-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493736Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:53.674{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53812-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493735Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:53.225{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-48714-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493734Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:53.197{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-26373-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493733Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:52.595{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-23954-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493732Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:52.481{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-47336-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493731Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:51.980{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-21431-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493741Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:54.734{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-51185-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493740Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:54.584{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-15187-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493739Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:54.411{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-31128-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191234Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:44:54.726{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in30178-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000493743Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:55.630{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-4841-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493742Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:55.436{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-52312-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493748Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:56.751{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-54215-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493747Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:56.735{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-10003-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493746Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:56.422{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-7693-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493745Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:56.080{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-53111-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493744Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:55.945{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-6387-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493753Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:57.828{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-45400-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493752Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:57.490{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-27090-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493751Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:57.415{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-55513-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493750Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:57.223{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-43041-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493749Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:57.053{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-11899-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493755Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:58.831{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-57771-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493754Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:58.108{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-56666-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493760Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:00.145{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-59678-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493759Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:59.784{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-25289-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493758Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:59.458{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-58801-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493757Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:59.322{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23083-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493756Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:44:59.008{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21729-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493764Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:01.548{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-44270-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493763Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:00.960{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-41603-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493762Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:00.834{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-57691-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493761Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:00.381{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-39349-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493766Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:02.140{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-46469-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493765Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:01.954{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-36103-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493767Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:02.719{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-49037-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493772Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:04.548{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-48695-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493771Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:04.240{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-46799-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493770Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:03.924{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-45603-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493769Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:03.836{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-11152-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493768Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:03.824{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-6775-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493774Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:05.483{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-1625-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493773Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:04.859{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-50463-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493775Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:06.079{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-4046-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493777Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:06.834{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-1438-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493776Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:06.722{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-23025-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493778Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:07.480{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-12428-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493781Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:09.198{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-12792-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493780Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:08.876{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-15829-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493779Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:08.873{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-11000-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000493807Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493806Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493805Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493804Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493803Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493802Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493801Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493800Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493799Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493798Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493797Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493796Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493795Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493794Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493793Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493792Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493791Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493790Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493789Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493788Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493787Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493786Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493785Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493784Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000493783Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:45:14.817{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000493782Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:09.555{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-34794-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493809Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:11.218{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23089-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493808Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:10.981{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-18222-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493810Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:11.615{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-27202-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493811Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:12.361{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-46201-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493814Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:14.563{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-23940-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493813Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:14.527{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-39260-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493812Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:13.152{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-32727-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493817Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:15.297{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-25017-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493816Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:15.256{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-58159-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493815Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:15.097{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-42921-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493819Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:16.596{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-27294-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493818Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:15.981{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-26148-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493821Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:17.322{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-51001-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493820Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:17.310{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53679-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493826Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:18.717{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-13397-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493825Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:18.490{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-55869-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493824Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:18.099{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-10888-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493823Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:17.908{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-53478-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493822Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:17.627{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-55441-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493829Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:19.588{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-6456-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493828Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:19.324{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-15888-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493827Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:19.074{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-58230-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493832Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:20.274{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-32968-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493831Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:20.205{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-9738-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493830Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:19.898{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-8209-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493834Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:21.599{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-35147-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493833Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:20.918{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-34301-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493840Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:22.736{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-29950-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493839Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:22.721{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21906-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493838Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:22.407{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-19966-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493837Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:22.283{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-36319-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493836Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:22.142{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-27503-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493835Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:21.841{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-10751-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191235Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:45:22.700{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in46801-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000493846Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:23.968{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-34973-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493845Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:23.600{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-38413-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493844Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:23.361{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-32334-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493843Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:23.351{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-25776-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493842Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:23.037{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23836-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493841Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:22.898{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-37141-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493847Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:24.233{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-39286-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493853Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:25.563{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-41503-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493852Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:25.293{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-35908-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493851Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:25.244{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-24898-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493850Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:24.912{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-40381-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493849Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:24.643{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-22451-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493848Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:24.548{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-37373-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493858Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:27.053{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-43528-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493857Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:26.206{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-42541-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493856Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:26.027{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39164-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493855Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:25.839{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-27496-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493854Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:25.708{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37215-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493859Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:27.267{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-48318-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493865Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:28.633{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-52412-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493864Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:28.602{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-38925-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493863Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:28.313{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-51052-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493862Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:28.301{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse96.74.206.25096-74-206-250-static.hfc.comcastbusiness.net61534-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493861Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:27.994{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-49536-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493860Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:27.873{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-50927-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493868Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:29.576{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-57527-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493867Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:29.260{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-55787-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493866Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:28.940{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53929-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493871Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:30.780{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-49529-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493870Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:30.686{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-3730-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493869Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:30.336{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse190.217.34.202-61073-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493875Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:31.839{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-9720-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493874Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:31.521{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-8677-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493873Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:31.450{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-50783-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493872Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:31.410{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-50790-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493878Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:32.570{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-55573-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493877Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:32.092{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-51883-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493876Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:31.987{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-53121-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493881Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:34.061{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-17587-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493880Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:33.809{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-19680-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493879Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:33.457{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-14968-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493883Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:34.432{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-22804-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000191254Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:38.109{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191253Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:38.109{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191252Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:38.109{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191251Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:38.109{CCAA35FA-8EBB-6086-0B00-00000000BA01}5884424C:\Windows\system32\lsass.exe{CCAA35FA-8EB9-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000191250Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:38.000{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191249Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:38.000{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191248Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:38.000{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191247Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:38.000{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191246Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:38.000{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191245Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:38.000{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191244Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:38.000{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191243Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:38.000{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191242Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:38.000{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191241Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:38.000{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191240Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:38.000{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191239Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:38.000{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191238Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:38.000{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191237Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:38.000{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191236Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:38.000{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000493882Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:34.121{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21114-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493887Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:36.400{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-58977-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493886Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:36.392{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-32916-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493885Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:35.744{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-57678-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493884Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:35.370{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-8144-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493888Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:36.869{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-29020-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493894Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:38.749{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-22365-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493893Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:38.672{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-43586-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493892Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:38.352{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-42331-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493891Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:38.160{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-19821-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493890Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:37.806{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-2078-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493889Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:37.090{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-59723-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493899Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:40.322{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-43432-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493898Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:39.928{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-27251-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493897Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:39.715{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-40935-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493896Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:39.342{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-24727-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493895Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:38.996{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-45158-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000191257Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:45.031{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1500-00000000BA01}1208C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191256Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:45.031{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1500-00000000BA01}1208C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191255Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:45:45.031{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1500-00000000BA01}1208C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000493906Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:42.100{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-8892-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493905Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:41.938{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-1381-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493904Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:41.623{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-59068-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493903Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:41.495{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-7786-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493902Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:41.299{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-57392-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493901Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:40.979{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-55372-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493900Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:40.924{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-45950-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493909Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:42.682{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-38633-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493908Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:42.570{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-4357-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493907Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:42.255{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-2703sms-chatfalse10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493912Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:43.892{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-43555-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493911Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:43.766{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-57405-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493910Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:43.270{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-41014-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493918Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:45.090{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-48673-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493917Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:44.997{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-3553-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493916Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:44.856{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-16419-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493915Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:44.534{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-14518-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493914Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:44.496{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-46141-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493913Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:44.379{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-59945-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493922Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:46.309{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-15933-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493921Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:46.250{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-53574-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493920Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:45.669{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-51154-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493919Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:45.654{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-14575-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493925Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:47.050{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-27196-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493924Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:46.966{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-16675-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493923Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:46.827{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-56045-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493934Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:48.935{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-36878-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493933Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:48.616{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-35144-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493932Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:48.458{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-17695-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493931Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:48.295{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-33736-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493930Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:47.987{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-32067-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493929Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:47.861{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-15121-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493928Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:47.673{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-30585-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493927Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:47.666{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-17949-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493926Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:47.366{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-29073-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191258Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:45:50.667{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in18586-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000493937Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:50.180{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-10913-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493936Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:49.585{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-8380-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493935Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:49.254{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-38722-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493939Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:51.194{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-48497-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493938Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:50.774{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-13328-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493940Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:51.271{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-29004-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493941Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:53.140{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-57619-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493945Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:55.092{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-8059-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493944Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:54.734{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-43237-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493943Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:54.117{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-40824-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493942Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:53.548{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-24692-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493947Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:56.326{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-36327-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493946Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:55.543{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-9583-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493949Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:57.623{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-54994-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493948Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:57.489{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-20416-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493951Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:58.353{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-35132-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493950Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:58.242{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-57427-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493952Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:59.093{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-47834-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493953Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:45:59.610{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-31105-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493954Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:01.089{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-10071-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493957Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:02.158{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-40972-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493956Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:01.888{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-59562-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493955Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:01.797{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-41921-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493958Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:03.756{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-51675-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493962Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:06.048{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-4260-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493961Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:05.872{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-46977-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493960Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:04.693{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-12068-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493959Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:04.000{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-22025-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493966Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:06.861{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-33566-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493965Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:06.673{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-6881-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493964Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:06.514{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse217.20.187.99-asd-gw.cslviv.lv.wnet.ua61366-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493963Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:06.364{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-5435-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493968Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:07.507{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-23784-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493967Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:07.478{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-36142-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493971Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:08.693{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-28787-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493970Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:08.625{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-16804-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493969Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:08.102{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-26316-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493972Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:09.278{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-31176-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493975Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:10.906{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-50033-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493974Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:10.568{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-26496-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493973Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:10.301{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-47738-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493976Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:11.357{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-55038-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493979Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:12.796{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-56832-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493978Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:12.116{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-55667-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493977Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:11.995{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-42332-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493982Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:13.700{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-2430-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 11241100x8000000000000000493981Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostDefaultUserModified2021-04-28 08:46:17.022{ED2ECF8A-A73A-6088-1C46-00000000BB01}2820C:\Program Files\MinerGate\minergate.exeC:\Users\DefaultAccount\AppData\Local\minergate\miners.ini.sy28202021-04-28 08:46:17.022 11241100x8000000000000000493980Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostDefaultUserModified2021-04-28 08:46:17.022{ED2ECF8A-A73A-6088-1C46-00000000BB01}2820C:\Program Files\MinerGate\minergate.exeC:\Users\DefaultAccount\AppData\Local\minergate\miners.ini.lock2021-04-28 08:46:17.022 354300x8000000000000000493983Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:14.745{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-53762-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493986Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:17.537{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-6486-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493985Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:16.887{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-3864-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493984Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:16.466{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-13752-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493987Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:18.166{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-8917-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191259Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:46:18.637{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in58493-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000493988Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:19.284{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-25286-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493990Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:21.039{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-20972-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493989Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:20.339{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-9742-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493991Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:21.639{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-23544-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493993Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:22.226{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-25925-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493992Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:22.142{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-36935-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493994Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:23.807{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-15235-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493998Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:24.991{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-37470-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493997Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:24.976{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-48423-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493996Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:24.904{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-2044-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493995Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:24.597{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-59731-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494003Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:26.214{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-45402-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494002Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:26.177{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-42463-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494001Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:25.901{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-44234-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494000Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:25.588{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-42406-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000493999Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:25.582{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-39900-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494008Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:27.384{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-47393-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494007Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:27.148{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-12673-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494006Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:26.851{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-11542-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494005Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:26.786{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-45062-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494004Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:26.527{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-46607-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494015Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:29.334{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-23374-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494014Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:29.050{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-6164-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494013Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:29.040{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-22008-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494012Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:28.431{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-3885-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494011Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:27.997{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-49932-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494010Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:27.817{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-1299-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494009Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:27.615{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-21330-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494021Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:30.265{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-11298-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494020Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:30.232{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-27567-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494019Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:29.938{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-26245-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494018Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:29.877{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-48406-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494017Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:29.656{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-8990-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494016Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:29.638{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-24775-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494026Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:31.471{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-16412-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494025Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:31.418{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-5076-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494024Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:31.247{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-27173-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494023Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:30.867{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-13814-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494022Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:30.831{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-2818-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494030Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:32.156{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-36671-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494029Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:32.061{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-18650-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494028Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:32.002{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-7677-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494027Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:31.975{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-15151-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494038Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:33.832{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-26088-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494037Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:33.791{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-15174-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494036Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:33.227{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-23613-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494035Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:33.209{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-12681-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494034Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:32.838{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-39956-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494033Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:32.639{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-21258-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494032Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:32.596{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-10028-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494031Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:32.530{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-38308-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494040Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:34.372{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-17441-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494039Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:33.951{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-25121-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494057Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:35.909{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-35273-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494056Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:35.738{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-53803-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494055Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:35.429{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-52168-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494054Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:35.120{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-50845-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494053Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:34.978{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-19980-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494052Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:34.815{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-49421-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494051Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:34.662{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-mumbai-host54418-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 13241300x8000000000000000494050Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:46:39.211{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000494049Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:46:39.211{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x09f151fd) 13241300x8000000000000000494048Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:46:39.211{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c02-0x9ef857b1) 13241300x8000000000000000494047Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:46:39.211{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0b-0x00bcbfb1) 13241300x8000000000000000494046Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:46:39.211{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c13-0x628127b1) 13241300x8000000000000000494045Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:46:39.211{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000494044Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:46:39.211{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x09f151fd) 13241300x8000000000000000494043Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:46:39.211{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c02-0x9ef857b1) 13241300x8000000000000000494042Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:46:39.211{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0b-0x00bcbfb1) 13241300x8000000000000000494041Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:46:39.211{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c13-0x628127b1) 354300x8000000000000000494062Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:36.626{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-37607-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494061Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:36.626{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-58064-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494060Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:36.333{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-56731-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494059Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:36.221{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-36579-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494058Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:36.044{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-55333-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494074Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:39.109{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-11058-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494073Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:39.041{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-47628-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494072Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:38.815{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-49417-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494071Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:38.803{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-9617-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494070Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:38.498{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-47943-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494069Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:38.442{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-45083-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494068Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:38.184{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-46650-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494067Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:37.841{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-42589-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494066Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:37.790{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-31714-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494065Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:37.238{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-40111-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494064Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:36.944{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-36259-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494063Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:36.918{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-59500-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494077Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:39.447{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53055-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494076Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:39.419{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-12585-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494075Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:39.135{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-51112-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494080Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:40.563{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-43061-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494079Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:39.766{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-54598-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 13241300x8000000000000000494078Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:46:44.227{ED2ECF8A-9556-6086-1500-00000000BB01}788C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d73c0b-0x0420a837) 354300x8000000000000000494085Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:41.860{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-59283-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494084Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:41.784{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-5472-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494083Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:41.416{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-43418-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494082Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:41.324{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-21773-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494081Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:41.175{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-45614-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494086Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:42.157{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-44688-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494090Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:43.527{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-46645-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494089Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:43.235{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-30607-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494088Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:42.860{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-45525-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494087Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:42.451{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-2656-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494099Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:45.116{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-39360-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494098Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:44.950{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-48847-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494097Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:44.711{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-19977-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494096Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:44.582{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-59633-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494095Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:44.391{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-18465-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494094Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:44.190{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-47782-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494093Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:44.073{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-16905-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494092Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:43.984{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-57281-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494091Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:43.756{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-15321-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191260Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:46:46.649{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in30064-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000494103Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:45.629{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-50249-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494102Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:45.447{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23979-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494101Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:45.266{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-14113-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494100Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:45.134{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21970-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494108Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:46.709{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-29981-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494107Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:46.390{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-28315-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494106Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:46.247{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-51098-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494105Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:46.075{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-26985-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494104Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:45.759{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-25689-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494114Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:47.619{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-51363-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494113Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:47.583{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-53431-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494112Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:47.402{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-12507-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494111Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:47.313{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-49926-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494110Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:47.010{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-48447-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494109Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:46.885{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-52217-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494124Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:48.986{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-41958-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494123Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:48.823{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-57071-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494122Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:48.740{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-28339-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494121Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:48.675{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-40257-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494120Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:48.573{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-17452-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494119Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:48.522{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-55592-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494118Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:48.220{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-54144-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494117Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:48.141{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-25693-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494116Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:47.996{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-15084-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494115Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:47.921{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-52718-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494129Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:49.616{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-44987-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494128Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:49.342{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-30764-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494127Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:49.302{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-43560-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494126Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:49.174{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-19891-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494125Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:49.119{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-58532-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494135Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:51.035{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-8555-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494134Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:50.976{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-27431-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494133Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:50.384{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-24993-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494132Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:50.349{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-48424-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494131Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:50.031{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-46747-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494130Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:49.762{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-22444-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494139Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:51.631{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-11432-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494138Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:51.583{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-29619-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494137Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:51.324{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-10037-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494136Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:51.284{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-59172-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494147Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:52.789{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-34877-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494146Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:52.647{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-59594-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494145Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:52.624{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-2435-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494144Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:52.326{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-58073-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494143Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:52.195{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-32372-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494142Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:52.194{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-42365-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494141Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:51.946{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-12984-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494140Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:51.881{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-1652-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494154Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:53.603{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-5157-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494153Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:53.401{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-47354-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494152Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:53.378{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-37351-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494151Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:53.290{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-3793-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494150Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:53.282{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-3512-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494149Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:52.963{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-2089-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494148Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:52.807{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-44985-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 13241300x8000000000000000191263Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:46:58.737{CCAA35FA-8ECB-6086-2200-00000000BA01}2260C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\BD98497A-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_BD98497A-0000-0000-0000-100000000000.XML 13241300x8000000000000000191262Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:46:58.737{CCAA35FA-8ECB-6086-2200-00000000BA01}2260C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EE435297-3B6E-4E37-882A-1C68A89E63E6\Config SourceDWORD (0x00000001) 13241300x8000000000000000191261Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:46:58.737{CCAA35FA-8ECB-6086-2200-00000000BA01}2260C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EE435297-3B6E-4E37-882A-1C68A89E63E6\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_EE435297-3B6E-4E37-882A-1C68A89E63E6.XML 354300x8000000000000000494162Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:54.549{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-9817-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494161Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:54.455{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-24649-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494160Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:54.234{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-8353-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494159Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:54.164{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-23389-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494158Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:54.012{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-49826-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494157Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:53.991{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-4485-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494156Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:53.924{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-6696-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494155Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:53.866{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-22003-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494178Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:56.561{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-34534-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494177Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:56.262{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-33186-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494176Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:56.198{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-49067-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494175Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:55.969{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-8044-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494174Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:55.958{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-31755-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494173Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:55.928{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-16813-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494172Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:55.657{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-30447-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494171Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:55.611{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-15077-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494170Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:55.367{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-28981-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494169Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:55.320{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-7036-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494168Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:55.301{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-13305-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494167Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:55.071{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-27460-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494166Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:54.972{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-11074-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494165Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:54.767{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-25880-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494164Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:54.669{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-5756-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494163Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:54.620{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-52323-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494186Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:58.008{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-7270-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494185Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:57.935{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-11203-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494184Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:57.895{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-26398-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494183Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:57.409{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-4953-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494182Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:57.306{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-10096-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494181Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:57.175{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-37501-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494180Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:56.873{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-36049-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494179Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:56.630{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-9215-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494196Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:00.082{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-36448-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494195Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:00.022{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-14576-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494194Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:59.666{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-49262-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494193Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:59.573{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-4171-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494192Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:59.359{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-47771-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494191Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:59.316{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-13429-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494190Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:59.061{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-46404-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494189Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:58.973{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-1729-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494188Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:58.646{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-12341-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494187Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:46:58.631{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-9728-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494201Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:00.852{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-15829-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494200Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:00.762{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-9147-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494199Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:00.708{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39844-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494198Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:00.391{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-38336-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494197Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:00.166{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-6616-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494207Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:02.050{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-1552-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494206Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:02.019{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-14379-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494205Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:01.754{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-59157-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494204Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:01.596{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-22011-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494203Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:01.590{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-16756-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494202Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:01.405{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-11858-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494214Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:03.111{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-51501-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494213Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:02.837{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-18835-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494212Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:02.795{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-50241-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494211Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:02.650{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-4260-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494210Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:02.350{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-2936-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494209Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:02.210{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-17988-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494208Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:02.206{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-24438-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494219Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:04.141{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-20929-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494218Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:04.052{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-56730-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494217Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:03.733{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-54962-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494216Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:03.508{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-19980-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494215Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:03.419{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53166-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494225Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:05.081{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-2537-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494224Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:05.050{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-36155-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494223Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:04.882{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-26368-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494222Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:04.668{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-59795-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494221Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:04.655{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-13496-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494220Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:04.361{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-58490-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494232Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:06.702{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-33982-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494231Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:06.597{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-22888-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494230Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:06.291{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-41148-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494229Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:06.102{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-31437-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494228Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:05.672{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-38612-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494227Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:05.499{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-28923-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494226Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:05.437{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-4341-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494233Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:06.900{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-43610-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494238Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:08.173{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-18392-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494237Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:07.880{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-38969-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494236Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:07.855{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-16832-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494235Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:07.698{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-26659-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494234Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:07.295{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-36441-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494244Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:09.080{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-43877-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494243Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:09.048{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-28723-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494242Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:08.890{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-33815-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494241Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:08.570{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-32306-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494240Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:08.488{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-41467-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494239Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:08.355{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-27634-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494251Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:10.208{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-28304-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494250Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:10.119{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-39794-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494249Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:09.825{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-38396-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494248Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:09.729{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-29724-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494247Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:09.715{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-55232-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494246Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:09.513{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-36904-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494245Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:09.199{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-35450-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494289Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:12.098{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37985-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494288Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:12.031{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-48968-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494287Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:11.860{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-55457-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000494286Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494285Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494284Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494283Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494282Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494281Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494280Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494279Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494278Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494277Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494276Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494275Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494274Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494273Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494272Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494271Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494270Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494269Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494268Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494267Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494266Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494265Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494264Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494263Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494262Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:47:15.826{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000494261Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:11.776{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-36017-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494260Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:11.707{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-33238-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494259Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:11.462{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-34205-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494258Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:11.148{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-32688-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494257Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:11.008{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-31947-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494256Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:10.937{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-1300-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494255Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:10.837{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-31582-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494254Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:10.526{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-29945-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494253Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:10.344{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-30798-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494252Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:10.340{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-57800-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494290Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:12.337{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-50494-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191264Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:47:14.651{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in9412-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000494296Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:13.043{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-1419-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494295Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:13.007{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-34921-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494294Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:12.730{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-41193-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494293Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:12.456{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-58030-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494292Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:12.416{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39656-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494291Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:12.373{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-34078-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494307Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:14.941{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-17655-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494306Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:14.841{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-8965-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494305Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:14.702{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-2614-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494304Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:14.687{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-50969-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494303Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:14.396{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-1139-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494302Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:14.342{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-37103-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494301Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:14.335{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-15163-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494300Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:14.248{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-6384-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494299Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:13.721{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-12530-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494298Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:13.664{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-36001-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494297Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:13.651{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-3877-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494312Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:15.439{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-11350-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494311Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:15.314{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-5584-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494310Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:15.172{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-52671-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494309Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:15.012{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-38308-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494308Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:15.005{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-4164-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494320Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:16.441{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-59010-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494319Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:16.241{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-9939-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494318Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:16.133{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-57732-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494317Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:16.021{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-13810-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494316Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:15.921{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-8402-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494315Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:15.819{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-56882-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494314Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:15.626{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-6920-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494313Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:15.500{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-54673-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494325Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:17.176{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-18632-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494324Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:17.061{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-3554-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494323Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:16.748{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-1684-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494322Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:16.595{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-16231-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494321Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:16.553{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.55.94-11452-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494331Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:18.983{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-25985-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494330Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:18.949{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-33986-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494329Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:18.398{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-23519-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494328Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:18.359{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-31652-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494327Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:17.795{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-21005-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494326Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:17.762{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-29091-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000191265Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:47:22.432{CCAA35FA-8EBB-6086-0B00-00000000BA01}5884144C:\Windows\system32\lsass.exe{CCAA35FA-8EB9-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x8000000000000000494333Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:19.570{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-28449-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494332Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:19.481{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-15911-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494334Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:20.156{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-30811-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494337Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:21.576{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-25753-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494336Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:21.339{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-35838-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494335Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:20.750{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-33300-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494339Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:22.612{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-50137-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494338Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:21.726{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-45410-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494340Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:23.301{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-51397-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494344Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:24.513{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-56661-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494343Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:24.102{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-47096-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494342Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:23.850{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-36897-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494341Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:23.534{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-35449-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494349Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:25.888{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-54658-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494348Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:25.805{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-46744-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494347Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:25.306{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-52180-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494346Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:25.128{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-59177-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494345Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:24.711{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-49559-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494350Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:26.477{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-56955-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494353Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:27.769{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-56536-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494352Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:27.620{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-58096-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494351Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:26.926{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-57056-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494356Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:28.406{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-59618-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494355Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:28.086{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-57851-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494354Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:28.011{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-11826-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494357Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:29.255{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-9492-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494358Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:30.362{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-10443-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494360Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:31.851{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-14304-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494359Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:31.097{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-4753-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494361Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:32.046{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-20942-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494362Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:32.322{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-20287-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494363Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:34.293{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-30050-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494367Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:35.711{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-42910-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494366Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:35.172{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse31.42.184.31dedicated.vsys.host63203-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494365Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:34.913{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-10823-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494364Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:34.776{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-32075-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494370Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:36.757{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-41933-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494369Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:36.440{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-40443-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494368Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:36.320{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-45550-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494371Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:37.594{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-43686-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494373Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:39.143{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-56936-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494372Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:38.725{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-51650-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191266Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:47:42.718{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in59737-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000494380Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:41.963{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-9344-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494379Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:41.608{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-1383-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494378Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:40.991{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-57478-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494377Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:40.986{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-3630-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494376Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:40.677{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-2178-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494375Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:40.401{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-55519-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494374Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:40.347{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-19460-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494383Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:42.925{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-12777-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494382Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:42.568{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-11861-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494381Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:42.216{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-3655-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494386Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:44.076{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-25034-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494385Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:43.764{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-16655-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494384Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:43.164{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-14412-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494388Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:45.056{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-15642-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494387Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:44.756{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-26280-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494395Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:46.769{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-31337-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494394Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:46.620{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-28353-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494393Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:46.452{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-29642-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494392Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:46.130{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-28262-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494391Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:45.772{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-26352-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494390Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:45.451{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-24779-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494389Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:45.132{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-22772-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494396Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:47.078{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-32960-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494398Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:49.054{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-42828-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494397Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:48.821{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-18346-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494400Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:49.507{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-40331-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494399Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:49.376{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-44437-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494405Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:51.783{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-56241-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494404Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:51.628{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-43015-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494403Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:51.470{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-54684-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494402Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:50.702{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-45147-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494401Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:50.116{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-42649-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494406Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:52.097{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-57891-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494408Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:52.404{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-59490-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494407Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:52.227{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-45436-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494412Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:54.275{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-41489-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494411Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:54.085{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-58902-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494410Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:53.623{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-40371-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494409Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:53.486{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-56350-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 13241300x8000000000000000191276Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:47:59.667{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000191275Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:47:59.667{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a0c5b12) 13241300x8000000000000000191274Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:47:59.667{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c02-0xcee4578d) 13241300x8000000000000000191273Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:47:59.667{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0b-0x30a8bf8d) 13241300x8000000000000000191272Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:47:59.667{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c13-0x926d278d) 13241300x8000000000000000191271Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:47:59.667{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000191270Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:47:59.667{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a0c5b12) 13241300x8000000000000000191269Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:47:59.667{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c02-0xcee4578d) 13241300x8000000000000000191268Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:47:59.667{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0b-0x30a8bf8d) 13241300x8000000000000000191267Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:47:59.667{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c13-0x926d278d) 354300x8000000000000000494417Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:55.184{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-13200-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494416Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:55.034{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-57137-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494415Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:54.993{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-42292-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494414Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:54.662{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-11677-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494413Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:54.346{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-10036-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494419Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:55.819{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-17159-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494418Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:55.500{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-15522-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494425Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:57.502{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-13853-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494424Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:57.096{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23508-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494423Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:56.890{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-11390-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494422Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:56.777{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21622-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494421Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:56.454{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-19959-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494420Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:56.136{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-18818-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494427Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:58.106{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-16338-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494426Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:57.922{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-10135-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494430Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:59.244{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-33759-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494429Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:59.224{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-49143-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494428Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:58.572{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-48041-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191277Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:47:59.629{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse212.83.175.232212-83-175-232.rev.poneytelecom.eu21700-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000494434Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:00.180{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-38419-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494433Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:59.935{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-50264-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494432Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:59.870{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37133-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494431Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:47:59.560{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-35565-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494437Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:01.000{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-28106-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494436Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:00.857{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-22165-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494435Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:00.596{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-51474-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494439Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:02.139{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-48368-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494438Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:01.717{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-30992-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494441Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:04.252{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-57304-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494440Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:04.196{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-58200-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494444Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:05.182{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-40463-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494443Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:04.583{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-25423-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494442Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:04.527{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-42520-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494446Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:06.481{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-11516-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494445Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:06.168{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-9705-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494448Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:08.023{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-52305-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494447Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:07.779{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-3989-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494449Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:08.579{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21511-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191278Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:48:10.756{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in14111-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000494450Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:10.563{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-31546-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494451Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:10.823{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-4965-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191279Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:48:12.178{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-mumbai-dc.iris.local51669-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000494452Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:12.350{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-15564-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494454Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:12.562{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-11971-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494453Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:12.535{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-41360-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494456Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:14.482{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-50712-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494455Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:13.614{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-16387-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494457Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:15.265{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-27461-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494460Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:16.464{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-1626-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494459Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:16.452{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-28220-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494458Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:16.046{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-17661-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494462Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:18.696{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-12297-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494461Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:18.093{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-38874-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494466Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:19.581{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-23189-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494465Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:19.345{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-40221-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000191281Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:48:23.669{CCAA35FA-8EBE-6086-1600-00000000BA01}12521096C:\Windows\system32\svchost.exe{CCAA35FA-8ECB-6086-2200-00000000BA01}2260C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191280Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:48:23.669{CCAA35FA-8EBE-6086-1600-00000000BA01}12521096C:\Windows\system32\svchost.exe{CCAA35FA-8ECB-6086-2200-00000000BA01}2260C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x8000000000000000494464Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostDefaultUserModified2021-04-28 08:48:23.219{ED2ECF8A-A73A-6088-1C46-00000000BB01}2820C:\Program Files\MinerGate\minergate.exeC:\Users\DefaultAccount\AppData\Local\minergate\miners.ini.AE28202021-04-28 08:48:23.219 11241100x8000000000000000494463Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostDefaultUserModified2021-04-28 08:48:23.219{ED2ECF8A-A73A-6088-1C46-00000000BB01}2820C:\Program Files\MinerGate\minergate.exeC:\Users\DefaultAccount\AppData\Local\minergate\miners.ini.lock2021-04-28 08:48:23.219 354300x8000000000000000494467Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:20.668{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-22628-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494469Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:21.496{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-52742-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494468Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:20.902{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-50268-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494473Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:22.758{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-31935-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494472Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:22.706{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-54076-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494471Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:22.120{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-51689-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494470Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:22.101{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-55094-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494477Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:23.605{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-29424-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494476Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:23.390{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-35811-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494475Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:23.298{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-56537-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494474Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:23.075{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-33812-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494480Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:24.499{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-2232-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494479Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:24.310{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-30434-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494478Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:23.900{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-58967-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494487Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:25.717{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-32657-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494486Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:25.667{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-7298-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494485Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:25.659{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-46977-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494484Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:25.343{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-45514-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494483Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:25.084{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-5050-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494482Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:24.976{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-31665-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494481Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:24.934{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-7718-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494490Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:26.371{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-33854-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494489Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:26.260{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-9850-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494488Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:25.977{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-48492-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494493Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:27.741{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-19171-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494492Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:27.693{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-35973-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494491Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:27.033{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-34740-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494495Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:28.491{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-1768-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494494Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:28.398{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-37175-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494498Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:29.650{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-23878-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494497Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:29.054{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-21515-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494496Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:28.801{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-3477-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494501Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:30.789{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-13328-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494500Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:30.540{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-30652-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494499Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:30.232{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-26414-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494504Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:31.724{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-35391-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494503Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:31.127{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-33103-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494502Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:31.108{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-14859-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494511Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:34.509{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-30584-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494510Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:34.192{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-29107-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494509Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:33.878{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-26864-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494508Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:33.568{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-25115-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494507Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:33.008{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-37751-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494506Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:32.328{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-38063-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494505Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:32.261{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-43265-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494513Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:35.770{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-49261-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494512Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:35.130{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-49500-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494517Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:36.939{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-41951-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494516Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:36.586{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-50041-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494515Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:36.480{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-40330-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494514Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:35.837{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-49015-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494521Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:37.940{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-1812-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000494520Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:48:41.047{ED2ECF8A-9556-6086-0C00-00000000BB01}6848816C:\Windows\system32\svchost.exe{ED2ECF8A-9556-6086-1300-00000000BB01}648C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494519Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:48:41.047{ED2ECF8A-9556-6086-0C00-00000000BB01}6848760C:\Windows\system32\svchost.exe{ED2ECF8A-9556-6086-1300-00000000BB01}648C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494518Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:48:41.047{ED2ECF8A-9556-6086-0C00-00000000BB01}6848760C:\Windows\system32\svchost.exe{ED2ECF8A-9556-6086-1300-00000000BB01}648C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000494524Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:38.948{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-51859-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494523Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:38.612{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-1970-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494522Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:38.557{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-4361-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191282Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:48:38.872{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in9202-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000191283Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:48:40.539{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse54.195.73.132ec2-54-195-73-132.eu-west-1.compute.amazonaws.com58841-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000494529Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:40.052{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-55871-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494528Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:39.903{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-56823-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494527Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:39.586{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-55432-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494526Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:39.270{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53524-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494525Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:39.199{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-4397-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494531Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:40.724{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-56774-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494530Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:40.216{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-58189-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494536Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:42.177{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-9089-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494535Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:41.976{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-15826-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494534Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:41.959{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-18147-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494533Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:41.363{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-15713-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494532Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:41.325{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-57900-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494539Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:42.592{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-18523-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494538Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:42.575{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-20375-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494537Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:42.494{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-10430-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494542Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:43.826{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-23678-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494541Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:43.213{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-20955-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494540Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:43.184{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-23058-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494546Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:45.009{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-28492-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494545Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:44.762{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21451-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494544Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:44.443{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-20127-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494543Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:44.419{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-26115-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494548Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:46.005{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-34627-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494547Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:45.085{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-22976-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494550Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:47.170{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-39244-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494549Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:46.577{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-36869-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494556Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:48.606{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-10377-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494555Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:48.478{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-40449-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494554Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:48.402{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-42429-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494553Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:48.171{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39054-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494552Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:47.856{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37135-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494551Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:47.807{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-39981-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494557Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:48.788{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-41946-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494562Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:49.995{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-50831-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494561Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:49.872{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-12488-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494560Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:49.215{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-11632-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494559Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:49.097{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-43310-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494558Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:48.995{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-45027-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494564Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:51.212{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-55749-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494563Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:50.609{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-53250-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494566Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:51.819{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-58168-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494565Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:51.795{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-56673-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494567Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:53.768{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-18450-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494569Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:54.668{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-10609-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494568Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:54.610{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-9447-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494572Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:57.445{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-22074-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494571Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:57.377{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-20931-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494570Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:48:57.264{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-24498-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494574Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:00.298{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-33125-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494573Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:00.291{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-33437-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494575Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:00.837{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-30343-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494577Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:03.129{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-45055-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494576Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:03.046{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-44566-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494579Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:04.393{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-36005-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494578Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:04.116{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-58677-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191284Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:49:06.896{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in58899-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000494582Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:06.164{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-9339-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494581Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:05.909{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-56496-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494580Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:05.853{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-56246-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494586Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:08.654{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-8974-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494585Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:08.641{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-8456-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494584Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:08.123{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-19014-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494583Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:08.078{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-42027-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494587Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:10.076{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-28593-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494589Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:11.583{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-20799-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494588Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:11.461{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-20067-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494616Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:12.538{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39224-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494615Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:12.030{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-47468-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000494614Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494613Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494612Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494611Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494610Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494609Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494608Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494607Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494606Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494605Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494604Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494603Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494602Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494601Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494600Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494599Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494598Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494597Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494596Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494595Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494594Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494593Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494592Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494591Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494590Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:49:16.835{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000494620Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:14.811{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-51240-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494619Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:14.499{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-49452-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494618Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:14.381{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-32649-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494617Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:14.300{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-31676-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494622Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:15.520{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-53296-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494621Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:15.120{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53174-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494630Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:17.952{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-7548-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494629Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:17.654{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-45405-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494628Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:17.598{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-6010-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494627Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:17.280{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-4291-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494626Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:17.146{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-43997-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494625Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:17.084{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-43003-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494624Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:16.898{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-55716-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494623Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:16.191{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-54203-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494635Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:18.888{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-12723-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494634Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:18.844{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-50248-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494633Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:18.569{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-11342-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494632Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:18.259{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-9349-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494631Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:18.233{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-47821-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494638Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:19.957{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-55719-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494637Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:19.525{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-15517-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494636Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:19.207{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-14103-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494640Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:20.541{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-58238-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494639Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:20.509{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-2462-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494646Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:21.919{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-4712-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494645Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:21.817{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-26930-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494644Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:21.674{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-2903-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494643Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:21.498{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-25256-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494642Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:21.186{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-3427-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494641Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:21.142{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-1670-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494652Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:23.902{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-7800-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494651Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:23.235{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-6850-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494650Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:22.553{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-5549-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494649Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:22.449{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-29444-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494648Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:22.281{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-5384-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494647Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:22.134{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-28045-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494656Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:24.566{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-15847-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494655Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:24.540{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-8897-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494654Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:24.402{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39378-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494653Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:23.967{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-13368-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494657Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:25.111{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-17008-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494660Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:25.923{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-11112-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494659Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:25.239{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-9865-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494658Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:25.180{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-18444-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494664Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:26.999{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-52548-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494663Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:26.678{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-51324-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494662Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:26.604{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-12254-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494661Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:26.357{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-49476-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191285Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:49:28.407{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-mumbai-dc.iris.local55607-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000494669Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:28.044{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-30313-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494668Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:28.033{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-14459-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494667Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:27.949{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-28488-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494666Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:27.361{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-13348-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494665Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:27.318{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53973-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494674Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:29.598{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-6612-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494673Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:29.499{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-16867-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494672Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:29.282{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-4992-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494671Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:28.725{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-15746-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494670Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:28.558{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-31141-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494676Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:30.172{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-17907-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494675Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:29.914{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-8317-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494681Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:31.540{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-20160-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494680Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:31.400{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-42815-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494679Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:30.845{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-42136-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494678Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:30.841{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-18844-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494677Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:30.229{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-9989-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494684Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:32.285{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-19880-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494683Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:32.231{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-21399-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494682Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:31.996{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-45232-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494689Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:33.613{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-53633-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494688Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:33.547{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-26124-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494687Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:33.228{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-24840-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494686Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:32.913{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23330-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494685Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:32.602{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21794-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494692Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:34.213{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-56207-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494691Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:34.178{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-29058-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494690Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:33.865{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-27505-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191286Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:49:34.951{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in15333-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000494694Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:34.794{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-56656-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494693Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:34.495{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-30927-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494696Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:37.013{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-8889-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494695Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:36.454{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-40700-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494698Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:38.207{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-11600-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494697Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:37.595{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-9108-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494699Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:38.423{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-50506-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494702Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:40.493{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-34930-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494701Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:40.469{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-1307-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494700Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:39.931{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-20794-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494704Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:41.021{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-23029-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494703Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:40.881{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-2740-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494706Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:42.245{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-28002-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494705Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:41.638{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-25489-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494709Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:42.866{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-30475-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494708Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:42.843{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-13220-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494707Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:42.755{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-32313-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494711Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:45.609{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-44504-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494710Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:44.815{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23467-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494712Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:45.709{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-42277-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494713Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:46.995{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-34242-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494716Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:48.434{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-53401-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494715Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:48.388{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-56033-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494714Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:48.210{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-47337-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494717Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:48.939{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-44204-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494718Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:50.906{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53874-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494721Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:52.301{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-53596-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494720Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:51.295{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-6073directplay8false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494719Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:51.214{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-8749-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494724Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:53.508{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-7533-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494723Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:53.186{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-6265-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494722Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:52.873{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-4713-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494728Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:54.671{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-19639-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494727Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:54.642{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-22777-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494726Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:54.057{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-17246-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494725Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:54.046{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-20445-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494730Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:55.282{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-22362-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494729Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:55.238{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-25455-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494734Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:56.286{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21663-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494733Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:55.963{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-19690-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494732Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:55.906{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-24776-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494731Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:55.645{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-17612-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494735Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:56.519{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-27386-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494738Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:58.656{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-33117-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494737Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:58.263{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-31546-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494736Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:58.042{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-36991-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494739Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:59.373{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-38893-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494743Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:00.815{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-48681-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494742Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:00.710{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-43163-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494741Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:00.516{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-7474-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494740Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:49:59.814{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-6556-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191287Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:50:02.982{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in48210-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000494746Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:01.415{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-51144-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494745Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:01.345{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-46975-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494744Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:01.029{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-45162-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494750Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:02.801{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-52958-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494749Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:02.621{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-56078-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494748Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:02.225{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-50697-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494747Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:02.022{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-53677-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494751Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:03.305{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-56825-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494753Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:05.070{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-14599-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494752Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:04.351{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-13678-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494757Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:05.846{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-10105-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494756Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:05.607{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-5119-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494755Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:05.527{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-8091-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494754Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:05.461{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-8829-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494758Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:06.203{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-7599-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494764Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:09.034{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-21124-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494763Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:08.866{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-22821-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494762Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:08.427{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-20152-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494761Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:08.244{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-20235-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494760Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:07.816{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-19829-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494759Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:06.805{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-10020-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494767Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:09.785{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-29566-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494766Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:09.726{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-22334-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494765Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:09.613{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-21535-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494770Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:11.059{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-24490-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494769Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:10.375{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-23324-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494768Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:10.241{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-30854-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494777Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:13.019{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-35181-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494776Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:12.523{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-43153-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494775Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:12.409{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-32735-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494774Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:12.372{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-26510-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494773Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:12.207{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-41510-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494772Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:11.705{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-25423-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494771Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:11.675{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-34616-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494778Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:13.050{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-27316-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 13241300x8000000000000000191288Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:50:18.257{CCAA35FA-8EBD-6086-1100-00000000BA01}324C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d73c0b-0x83b31fb5) 354300x8000000000000000494780Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:13.721{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-28738-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494779Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:13.618{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-37758-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494785Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:15.102{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-48812-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494784Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:14.980{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-55505-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494783Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:14.513{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-46479-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494782Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:14.488{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53044-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494781Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:14.476{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-29816-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494790Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:16.613{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-32952-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494789Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:16.405{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-48859-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494788Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:15.980{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-32138-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494787Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:15.291{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-56952-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494786Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:15.210{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-31081-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494791Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:17.007{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-51206-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494793Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:17.244{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-7646-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494792Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:17.241{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-34096-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494800Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:19.374{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-37618-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494799Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:19.220{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-17575-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494798Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:19.072{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-6279-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494797Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:18.631{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-36561-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494796Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:18.497{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-3929-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494795Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:17.934{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-35405-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494794Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:17.913{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-1456-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494804Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:20.197{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21987-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494803Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:20.009{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-38617-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494802Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:19.880{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-20503-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494801Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:19.538{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-18980-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494810Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:21.486{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-28413-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494809Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:21.239{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-9663-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494808Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:21.167{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-26830-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494807Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:20.846{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-25119-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494806Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:20.632{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-53840-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494805Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:20.521{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23671-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494814Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:22.391{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-20117-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494813Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:21.864{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-12179-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494812Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:21.808{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-17633-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494811Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:21.805{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-30075-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494816Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:23.474{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-44397-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494815Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:23.000{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-22428-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 11241100x8000000000000000494823Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostDefaultUserModified2021-04-28 08:50:28.528{ED2ECF8A-A73A-6088-1C46-00000000BB01}2820C:\Program Files\MinerGate\minergate.exeC:\Users\DefaultAccount\AppData\Local\minergate\miners.ini.Dz28202021-04-28 08:50:28.528 11241100x8000000000000000494822Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostDefaultUserModified2021-04-28 08:50:28.513{ED2ECF8A-A73A-6088-1C46-00000000BB01}2820C:\Program Files\MinerGate\minergate.exeC:\Users\DefaultAccount\AppData\Local\minergate\miners.ini.lock2021-04-28 08:50:28.513 354300x8000000000000000494821Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:24.210{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-27639-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494820Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:24.083{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-41318-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494819Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:24.080{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-45239-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494818Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:23.774{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39849-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494817Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:23.613{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-25117-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494826Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:24.925{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-46474-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494825Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:24.791{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-30106-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494824Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:24.786{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-24029-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494828Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:26.297{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-52114-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494827Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:25.639{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-47778-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494835Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:27.600{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-59156-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494834Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:27.574{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-41648-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494833Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:27.282{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-57753-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494832Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:27.234{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-50394-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494831Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:26.966{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-56042-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494830Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:26.651{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53894-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494829Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:26.388{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-49263-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494837Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:28.306{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-38338-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494836Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:27.690{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-35783-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494838Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:28.918{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-40853-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191289Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:50:30.990{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in31735-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000494846Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:30.779{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-48374-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494845Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:30.523{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-14082-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494844Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:30.445{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-53325-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494843Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:30.203{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-12750-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494842Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:30.159{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-45886-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494841Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:29.886{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-11289-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494840Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:29.568{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-9957-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494839Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:29.536{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-43400-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191290Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:50:31.470{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-mumbai-dc.iris.local53008-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000494847Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:31.398{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-50934-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494848Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:32.493{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-24343-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494849Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:33.250{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-6200-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000191309Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:38.244{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191308Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:38.244{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191307Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:38.244{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191306Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:38.244{CCAA35FA-8EBB-6086-0B00-00000000BA01}5884732C:\Windows\system32\lsass.exe{CCAA35FA-8EB9-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000191305Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:38.135{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191304Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:38.135{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191303Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:38.135{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191302Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:38.135{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191301Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:38.135{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191300Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:38.135{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191299Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:38.135{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191298Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:38.135{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191297Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:38.135{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191296Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:38.135{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191295Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:38.135{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191294Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:38.135{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191293Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:38.135{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191292Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:38.135{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191291Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:38.135{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843944C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000494851Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:34.248{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-3539-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494850Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:33.892{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-1909-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494852Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:35.981{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-17430-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494854Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:37.623{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-8029-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494853Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:36.975{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-14331-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494856Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:39.787{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-26040-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494855Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:38.893{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-29341-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494857Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:41.701{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-40966-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000191312Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:45.041{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1500-00000000BA01}1208C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191311Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:45.041{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1500-00000000BA01}1208C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191310Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:50:45.041{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1500-00000000BA01}1208C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000494859Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:42.785{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-16143-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494858Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:42.505{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-37105-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494860Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:44.563{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-53109-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494861Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:45.328{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-48479-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494862Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:46.238{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-21823-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494864Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:47.491{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-40485-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494863Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:47.356{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-5508-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494865Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:48.184{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-1284-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494866Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:49.800{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-50838-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494868Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:51.060{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-13188-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494867Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:50.215{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-17698-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494869Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:51.749{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-2306-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494873Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:53.863{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-24451-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494872Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:53.713{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-12302-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494871Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:53.008{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-29284-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494870Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:52.336{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-31686-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494876Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:55.964{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-37514-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494875Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:55.916{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-22613-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494874Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:55.836{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-41161-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494877Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:56.686{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-36051-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191313Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:50:58.962{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in46822-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000494878Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:57.862{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-32688-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494879Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:58.618{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-52935-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494883Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:00.215{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-44130-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494882Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:59.896{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-42695-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494881Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:59.671{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-43415-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494880Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:50:59.552{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-47942-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494886Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:00.840{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-47016-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494885Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:00.526{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-45525-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494884Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:00.329{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-44689-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494888Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:01.981{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-7849-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494887Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:01.375{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-5401-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494895Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:03.985{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-50401-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494894Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:03.801{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-3465-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494893Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:03.484{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-1702-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494892Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:03.162{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-58689-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494891Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:02.802{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-57181-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494890Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:02.581{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-10311-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494889Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:02.308{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-59146-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494896Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:04.117{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-4832-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494898Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:04.599{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-50986-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494897Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:04.497{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-6492-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494901Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:05.961{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-24484-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494900Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:05.368{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-22027-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494899Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:05.201{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-11920-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494904Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:07.147{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-29358-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494903Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:06.554{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-26942-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494902Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:06.511{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-16731-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494905Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:08.051{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-23602-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494912Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:10.528{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-43523-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494911Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:10.100{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-1322-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494910Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:09.939{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-41050-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494909Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:09.393{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-59283-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494908Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:08.726{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-58270-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494907Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:08.668{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-26202-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494906Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:08.525{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-26860-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494914Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:11.123{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-45989-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494913Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:11.103{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-38235-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494917Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:12.716{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-42628-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494916Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:12.080{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-39991-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494915Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:11.475{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-37600-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000494944Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494943Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494942Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494941Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494940Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494939Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494938Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494937Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494936Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494935Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494934Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494933Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494932Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494931Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494930Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494929Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494928Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494927Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494926Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494925Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494924Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494923Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494922Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494921Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000494920Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:51:17.848{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000494919Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:13.349{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-45148-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494918Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:13.071{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-48291-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494946Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:13.920{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-7591-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494945Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:13.895{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-57324-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494949Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:15.235{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-9541-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494948Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:15.040{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-58022-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494947Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:14.559{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-8507-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494952Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:16.729{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-10318-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494951Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:16.237{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-57131-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494950Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:15.867{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-10811-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494954Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:17.316{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-12696-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494953Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:17.013{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-8885-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494956Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:18.554{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-17804-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494955Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:17.960{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-15382-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494959Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:19.436{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-16583-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494958Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:19.133{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-9850-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494957Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:18.978{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-18751-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 13241300x8000000000000000191314Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:51:25.636{CCAA35FA-8EBD-6086-1100-00000000BA01}324C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d73c0b-0xabdc406a) 354300x8000000000000000494961Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:21.370{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-29542-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494960Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:20.974{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-28438-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494962Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:21.977{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-21474-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494964Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:23.016{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-22294-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494963Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:22.955{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-38423-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191315Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:51:25.940{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-mumbai-dc.iris.local61931-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000494968Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:24.822{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-33057-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494967Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:24.780{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-43753-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494966Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:24.181{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-41204-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494965Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:23.774{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-23291-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494973Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:25.732{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-51729-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494972Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:25.422{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-49951-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494971Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:25.410{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-35484-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494970Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:25.369{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-46181-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191316Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:51:26.969{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in10633-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000494969Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:25.106{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-48547-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494977Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:26.685{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-40616-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494976Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:26.356{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-55482-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494975Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:26.055{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-37931-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494974Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:26.039{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53666-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494980Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:28.148{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-57735-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494979Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:28.070{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-30573-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494978Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:27.419{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-29398-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494983Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:28.795{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-8106-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494982Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:28.746{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-1387-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494981Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:28.334{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-6662-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494985Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:29.494{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-52353-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494984Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:29.115{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-9902-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494987Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:31.683{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-13213-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494986Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:31.619{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-36085-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494990Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:32.833{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-7009-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494989Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:32.615{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-11733-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494988Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:32.225{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-4493-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000494991Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:32.929{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-28603-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000191317Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:51:39.120{CCAA35FA-8EBD-6086-0D00-00000000BA01}8441860C:\Windows\system32\svchost.exe{CCAA35FA-8EBE-6086-1600-00000000BA01}1252C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000495005Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:35.679{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-18579-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495004Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:35.456{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-42232-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495003Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:35.417{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39988-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 13241300x8000000000000000495002Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:51:39.224{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000495001Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:51:39.224{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x09f5e5dd) 13241300x8000000000000000495000Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:51:39.224{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c03-0x51c8b5b1) 13241300x8000000000000000494999Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:51:39.224{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0b-0xb38d1db1) 13241300x8000000000000000494998Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:51:39.224{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c14-0x155185b1) 13241300x8000000000000000494997Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:51:39.224{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000494996Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:51:39.224{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x09f5e5dd) 13241300x8000000000000000494995Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:51:39.224{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c03-0x51c8b5b1) 13241300x8000000000000000494994Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:51:39.224{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0b-0xb38d1db1) 13241300x8000000000000000494993Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-SetValue2021-04-28 08:51:39.224{ED2ECF8A-9555-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c14-0x155185b1) 354300x8000000000000000494992Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:34.440{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-25140-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495006Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:36.292{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-21212-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495008Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:37.798{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-39064-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495007Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:37.411{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-49582-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495009Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:38.406{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-41517-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495013Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:40.021{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-49780-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495012Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:39.701{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-1867-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495011Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:39.389{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-59081-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495010Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:39.161{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-32787-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495017Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:42.260{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-14560-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495016Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:42.048{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-44512-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495015Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:41.816{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-55990-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495014Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:41.231{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-53403-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495019Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:42.647{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-47037-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495018Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:42.582{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-16052-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495022Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:43.855{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-51799-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495021Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:43.814{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-55358-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495020Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:43.245{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-49521-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495029Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:45.193{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-28885-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495028Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:45.181{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-10831-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495027Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:45.162{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-57379-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495026Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:44.882{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-27419-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495025Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:44.603{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-8533-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495024Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:44.562{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-25641-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495023Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:44.531{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-56357-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495031Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:45.790{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-58121-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495030Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:45.498{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-30082-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495033Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:46.706{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-4520-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495032Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:46.466{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-59474-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495040Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:48.118{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-3290-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495039Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:48.113{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-43706-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495038Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:47.943{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-22327-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495037Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:47.756{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-41930-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495036Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:47.434{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-40250-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495035Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:47.313{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-1697-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495034Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:47.308{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-7145-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495045Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:49.143{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-27301-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495044Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:48.910{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-47272-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495043Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:48.849{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-4080-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495042Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:48.549{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-24761-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495041Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:48.423{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-45777-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495052Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:50.180{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53518-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495051Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:50.139{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-6325-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495050Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:50.133{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-18563-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495049Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:49.859{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-52439-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495048Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:49.550{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-50762-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495047Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:49.536{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-5157-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495046Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:49.228{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-49321-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495056Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:51.124{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-58927-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495055Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:50.813{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-57159-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495054Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:50.782{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-7204-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495053Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:50.500{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-55245-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495062Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:52.165{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-9729-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495061Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:52.064{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-4270-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495060Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:51.902{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-38853-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495059Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:51.751{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-2945-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495058Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:51.470{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-8403-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495057Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:51.442{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-1512winsfalse10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495064Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:52.992{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-30053-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495063Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:52.853{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-10712-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495072Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:54.661{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-50324-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495071Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:54.656{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-17549-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191318Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:51:54.976{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in41213-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000495070Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:54.337{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-15609-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495069Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:54.217{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-35120-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495068Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:54.095{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-12717-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495067Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:54.019{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-13934-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495066Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:53.607{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-32722-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495065Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:53.480{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-11633-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 13241300x8000000000000000191321Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:51:59.714{CCAA35FA-8ECB-6086-2200-00000000BA01}2260C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\BD98497A-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_BD98497A-0000-0000-0000-100000000000.XML 13241300x8000000000000000191320Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:51:59.714{CCAA35FA-8ECB-6086-2200-00000000BA01}2260C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EE435297-3B6E-4E37-882A-1C68A89E63E6\Config SourceDWORD (0x00000001) 13241300x8000000000000000191319Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:51:59.714{CCAA35FA-8ECB-6086-2200-00000000BA01}2260C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\EE435297-3B6E-4E37-882A-1C68A89E63E6\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_EE435297-3B6E-4E37-882A-1C68A89E63E6.XML 354300x8000000000000000495075Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:55.253{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-52681-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495074Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:54.972{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-18965-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495073Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:54.807{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-37647-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495079Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:57.065{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-1270opsmgrfalse10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495078Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:56.934{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-29024-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495077Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:56.447{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-57513-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495076Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:55.849{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-55302-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495081Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:57.566{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-31977-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495080Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:57.247{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-30530-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495085Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:58.400{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-19616-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495084Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:57.695{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-18626-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495083Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:57.648{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-3772-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495082Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:57.580{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-48741-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495086Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:59.100{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-21476-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495093Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:00.564{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-23344-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495092Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:00.477{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-1400-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495091Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:00.435{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-15298-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495090Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:00.370{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-46140-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495089Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:00.057{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-44361-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495088Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:59.891{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-22286-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495087Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:51:59.735{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-42658-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495096Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:01.079{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-4065-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495095Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:01.026{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-17839-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495094Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:00.685{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-48126-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495099Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:02.336{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-9081-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495098Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:01.719{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-6613-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495097Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:01.701{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-20484-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495104Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:03.548{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-14045-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495103Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:03.441{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-1822-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495102Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:02.937{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-11660-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495101Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:02.935{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-59501-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495100Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:02.626{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-58087-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495107Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:04.459{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-32005-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495106Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:04.137{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-16479-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495105Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:03.988{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-28812-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495110Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:05.403{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-12141-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495109Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:05.334{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-21360-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495108Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:04.730{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-18833-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495113Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:06.574{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-26328-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495112Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:05.951{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-23831-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495111Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:05.722{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-13860-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495115Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:07.500{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-34549-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495114Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:07.230{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-43330-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495116Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:08.167{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-35773-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495118Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:09.443{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-38008-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495117Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:09.042{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-15404-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495121Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:10.699{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-57779-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495120Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:10.107{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-55220-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495119Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:10.041{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-40511-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495127Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:11.942{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-43709-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495126Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:11.894{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-3659-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495125Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:11.629{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-42368-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495124Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:11.323{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-41210-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495123Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:11.290{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-1269-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495122Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:11.009{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39549-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495130Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:12.830{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-51820-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495129Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:12.575{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-47314-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495128Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:12.259{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-45523-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495135Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:15.934{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-20412-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495134Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:15.685{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-4449-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495133Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:15.328{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-17958-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495132Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:14.739{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-15559-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495131Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:14.687{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-57471-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495143Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:16.981{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-9955-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495142Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:16.804{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-49824-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495141Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:16.668{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-7725-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495140Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:16.658{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-8743-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495139Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:16.512{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-22945-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495138Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:16.353{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-6584-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495137Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:16.197{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-48611-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495136Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:16.035{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-5010-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495148Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:17.694{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-27667-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495147Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:17.602{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-13572-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495146Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:17.539{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-51100-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495145Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:17.292{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-11638-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495144Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:17.092{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-25282-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495151Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:18.892{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-18855-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495150Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:18.559{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-16335-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495149Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:18.295{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-30159-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495157Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:20.014{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-25752-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495156Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:19.848{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23491-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495155Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:19.773{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-21212-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495154Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:19.534{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-22690-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495153Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:19.217{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21284-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495152Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:19.165{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-18718-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495160Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:20.982{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-26123-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495159Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:20.373{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-23766-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495158Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:20.330{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-27811-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191323Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:52:23.295{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-mumbai-dc.iris.local54487-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000191322Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:52:23.012{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in34217-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000495166Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:22.295{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-38926-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495165Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:22.246{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-58429-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495164Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:22.192{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-31025-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495163Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:21.858{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-33327-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495162Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:21.583{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-28502-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495161Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:21.132{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-42089-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495169Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:23.057{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-59760-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495168Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:22.786{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-33479-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495167Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:22.609{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-40666-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495172Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:24.030{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-38605-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495171Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:23.962{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-53876-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495170Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:23.396{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-35907-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495178Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:25.701{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-57769-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495177Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:25.387{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-56428-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495176Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:25.071{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-54308-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495175Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:24.753{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-52201-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495174Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:24.465{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-46241-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495173Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:24.146{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-44392-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495179Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:26.013{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-58759-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495182Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:27.967{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-11483-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495181Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:26.889{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-50345-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495180Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:26.719{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-6476-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 11241100x8000000000000000495185Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostDefaultUserModified2021-04-28 08:52:33.726{ED2ECF8A-A73A-6088-1C46-00000000BB01}2820C:\Program Files\MinerGate\minergate.exeC:\Users\DefaultAccount\AppData\Local\minergate\miners.ini.nK28202021-04-28 08:52:33.726 11241100x8000000000000000495184Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostDefaultUserModified2021-04-28 08:52:33.726{ED2ECF8A-A73A-6088-1C46-00000000BB01}2820C:\Program Files\MinerGate\minergate.exeC:\Users\DefaultAccount\AppData\Local\minergate\miners.ini.lock2021-04-28 08:52:33.726 354300x8000000000000000495183Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:28.594{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-9763-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495188Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:29.936{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-22747-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495187Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:29.749{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-3111-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495186Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:29.467{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-17871-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495190Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:30.566{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-25077-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495189Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:30.254{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-23577-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495195Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:32.832{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-31850-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495194Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:32.791{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-36422-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495193Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:32.576{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-14382-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495192Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:32.249{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-29482-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495191Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:32.182{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-15285-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495198Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:34.641{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-39153-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495197Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:34.055{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-36611-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495196Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:33.443{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-34218-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495200Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:35.387{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-26292-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495199Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:34.767{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-47593-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495203Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:37.403{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-50621-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495202Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:37.111{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-23155-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495201Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:36.750{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-58288-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495206Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:38.477{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-25633-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495205Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:38.215{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-37781-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495204Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:37.828{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-24344-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495210Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:39.472{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-3774-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495209Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:39.365{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-12005-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495208Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:39.046{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-9944-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495207Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:38.810{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-40291-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495217Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:40.435{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-8525-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495216Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:40.300{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-17506-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495215Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:40.256{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-3204-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495214Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:40.115{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-6941-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495213Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:39.986{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-16045-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495212Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:39.796{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-5331-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495211Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:39.678{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-14013-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495224Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:41.621{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-51636-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495223Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:41.409{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-13662-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495222Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:41.241{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-22548-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495221Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:41.094{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-11886-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495220Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:40.926{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-20679-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495219Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:40.777{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-10064-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495218Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:40.609{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-18711-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495227Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:43.089{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-15056-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495226Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:42.839{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-56550-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495225Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:42.229{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-54187-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495231Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:43.541{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-33950-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495230Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:43.450{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-59112-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495229Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:43.366{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23399-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495228Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:43.227{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-33048-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495235Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:44.491{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-39356-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495234Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:44.176{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-37798-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495233Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:44.060{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-2645-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495232Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:43.861{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-34880-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495241Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:45.622{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-34934-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495240Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:45.525{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-36844-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495239Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:45.306{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-33441-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495238Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:45.126{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-43455-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495237Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:44.810{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-41709-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495236Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:44.720{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-35600-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495246Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:46.509{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-29180-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495245Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:46.241{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37760-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495244Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:46.207{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-37557-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495243Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:45.932{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-36202-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495242Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:45.926{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-26914-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495251Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:47.881{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-58385-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495250Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:47.554{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-55468-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495249Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:47.503{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-16594-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495248Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:47.094{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-31722-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495247Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:46.897{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-14009-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495259Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:48.830{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-50636-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495258Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:48.824{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-3145-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495257Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:48.672{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-21550-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495256Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:48.510{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-1895-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495255Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:48.508{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-49524-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495254Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:48.201{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-1195-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495253Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:48.186{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-47647-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495252Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:48.090{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-19102-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495261Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:49.150{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-52170-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495260Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:49.135{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-5574-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495264Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:50.683{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-44986-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495263Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:49.877{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-43344-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495262Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:49.794{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-43931-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191324Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:52:51.062{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in15435-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000495269Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:51.463{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-32760-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495268Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:51.437{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-5299-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495267Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:51.386{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-45981-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495266Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:51.118{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-3549-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495265Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:51.088{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-16159-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495273Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:52.713{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-47957-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495272Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:52.684{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-55021-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495271Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:52.084{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-35154-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495270Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:52.061{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-46887-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495278Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:53.712{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-16279-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495277Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:53.543{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-28376-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495276Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:53.403{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-49170-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495275Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:53.396{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-15125-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495274Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:53.289{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-57440-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495284Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:54.930{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-47038-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495283Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:54.696{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-51401-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495282Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:54.356{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-19374-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495281Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:54.031{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-17624-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495280Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:54.012{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-50114-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495279Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:53.862{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-30949-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495288Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:55.841{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-42544-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495287Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:55.529{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-49404-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495286Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:55.478{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-52683-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495285Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:55.422{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse96.74.206.25096-74-206-250-static.hfc.comcastbusiness.net53382-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 13241300x8000000000000000191334Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:52:59.669{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000191333Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:52:59.669{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a10eef2) 13241300x8000000000000000191332Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:52:59.669{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c03-0x81b4b58d) 13241300x8000000000000000191331Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:52:59.669{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0b-0xe3791d8d) 13241300x8000000000000000191330Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:52:59.669{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c14-0x453d858d) 13241300x8000000000000000191329Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:52:59.669{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000191328Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:52:59.669{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a10eef2) 13241300x8000000000000000191327Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:52:59.669{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c03-0x81b4b58d) 13241300x8000000000000000191326Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:52:59.669{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0b-0xe3791d8d) 13241300x8000000000000000191325Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-SetValue2021-04-28 08:52:59.669{CCAA35FA-8EBB-6086-0B00-00000000BA01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c14-0x453d858d) 354300x8000000000000000495295Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:56.852{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-13293-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495294Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:56.764{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-54489-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495293Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:56.664{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-46598-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495292Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:56.254{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-10752-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495291Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:56.202{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-53763-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495290Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:56.156{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-44377-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495289Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:56.141{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-51920-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495301Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:58.621{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-57878-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495300Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:58.212{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-56762-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495299Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:58.010{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-17851-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495298Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:57.542{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-55653-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495297Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:57.428{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-15716-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495296Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:56.860{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-54848-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495303Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:59.593{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-7018-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495302Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:52:58.942{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-1205-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495305Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:00.923{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-12161-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495304Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:00.865{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-29793-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495306Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:01.450{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-32365-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495310Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:02.381{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-18561-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495309Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:02.034{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-34745-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495308Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:01.742{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-3663-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495307Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:01.715{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-14090-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191335Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:53:03.735{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.144.225.67-59858-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000495312Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:02.976{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-21171-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495311Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:02.623{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-37283-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495315Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:04.068{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-27423-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495314Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:03.746{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-25370-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495313Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:03.186{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-6094-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495317Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:04.703{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-29801-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495316Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:04.389{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-28592-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495318Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:05.434{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-48965-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495319Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:06.650{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-40339-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495320Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:06.947{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-12237-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495323Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:08.903{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-32410-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495322Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:08.613{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-51442-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495321Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:08.251{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-1601-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495326Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:10.120{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-50314-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495325Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:09.518{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-47775-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495324Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:09.364{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-35627-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495333Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:11.662{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-47601-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495332Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:11.641{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-15557-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495331Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:11.603{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-19843-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495330Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:11.345{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-45833-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495329Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:11.040{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-13310-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495328Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:10.903{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-18319-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495327Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:10.597{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-3223-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495335Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:12.230{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-18200-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495334Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:11.975{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-48975-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495345Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:13.832{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-20024-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495344Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:13.606{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-22943-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495343Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:13.567{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-5105-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495342Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:13.516{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-18089-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495341Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:13.197{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-16004-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495340Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:13.005{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-21718-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495339Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:12.946{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-2614-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495338Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:12.875{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-14086-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495337Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:12.810{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-20573-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495336Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:12.326{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-20601-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000495374Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495373Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495372Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495371Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495370Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495369Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495368Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495367Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495366Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495365Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495364Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495363Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495362Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495361Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495360Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495359Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495358Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495357Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495356Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495355Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495354Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495353Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495352Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495351Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495350Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:18.853{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000495349Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:14.436{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-1843-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495348Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:14.310{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-23908-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495347Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:14.173{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-7673-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495346Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:14.149{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-21063-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495376Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:14.957{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-25180-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495375Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:14.786{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-10170-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495379Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:15.625{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-26025-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495378Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:15.567{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-31974-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495377Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:15.396{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-12758-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495384Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:17.072{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-35036-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495383Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:17.037{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-28258-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495382Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:16.764{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-34550-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495381Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:16.432{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-32352-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495380Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:16.305{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-27168-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495387Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:18.255{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-24341-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495386Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:17.682{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-29260-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495385Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:17.387{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-36106-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191336Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:53:19.056{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in10947-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000495395Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:19.532{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-48324-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495394Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:19.504{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-29356-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495393Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:19.339{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-47522-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495392Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:19.063{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-31717-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495391Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:18.928{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-45929-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495390Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:18.866{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-26742-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495389Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:18.354{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-30754-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495388Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:18.345{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-43366-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495398Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:20.115{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-50736-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495397Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:20.100{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-31929-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495396Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:19.754{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-32711-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495408Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:21.982{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-2595-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495407Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:21.960{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-39624-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495406Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:21.894{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-58144-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495405Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:21.665{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-1439-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495404Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:21.353{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-37034-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495403Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:21.340{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-58745-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495402Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:21.291{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-55668-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495401Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:20.731{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-34491-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495400Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:20.706{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-53142-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495399Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:20.392{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-33758-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191337Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:53:22.530{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-mumbai-dc.iris.local64027-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000495411Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:23.109{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-4169-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495410Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:22.516{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-1689-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495409Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:22.288{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-3840-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495415Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:24.768{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-51021-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495414Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:24.316{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-8819-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495413Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:24.227{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-14915-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495412Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:23.707{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-6605-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495417Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:25.370{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-53283-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495416Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:24.921{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-11552-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495418Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:26.192{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-25652-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495424Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:27.481{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-31854-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495423Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:27.299{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-44651-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495422Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:27.155{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-29981-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495421Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:26.836{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-29000-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495420Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:26.614{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-43529-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495419Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:26.518{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-27765-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495428Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:28.209{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-6081-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495427Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:27.905{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-45668-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495426Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:27.805{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-33875-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495425Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:27.739{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-23336-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495429Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:28.796{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-8407-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495439Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:30.592{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-15669-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495438Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:30.523{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-34887-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495437Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:30.392{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-22404-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495436Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:30.223{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-48677-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495435Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:30.073{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21309-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495434Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:29.983{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-13262-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495433Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:29.908{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-46531-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495432Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:29.758{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-19791-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495431Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:29.450{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-17927-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495430Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:29.393{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-10812-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495444Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:31.345{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-51221-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495443Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:31.196{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-18202-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495442Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:31.121{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-37307-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495441Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:30.890{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-50123-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495440Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:30.703{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-24008-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495448Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:32.422{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-23029-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495447Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:31.970{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-51998-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495446Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:31.810{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-20662-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495445Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:31.717{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-39869-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495461Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:33.988{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-55219-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495460Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:33.918{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-40104-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495459Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:33.725{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-28388-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495458Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:33.604{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-38559-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495457Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:33.538{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-6380-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495456Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:33.287{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37017-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495455Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:33.285{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-54224-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495454Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:33.231{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-4983-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495453Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:33.108{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-25788-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495452Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:32.971{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-35847-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495451Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:32.914{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-3061-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495450Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:32.673{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-53285-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495449Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:32.656{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-33920-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495464Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:34.562{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-51521-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495463Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:34.331{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-30809-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495462Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:34.233{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-41546-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495468Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:35.520{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-35709-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495467Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:35.296{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-57442-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495466Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:34.918{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-33356-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495465Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:34.620{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-56358-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495476Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:36.872{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-55432-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495475Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:36.733{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-40661-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495474Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:36.641{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-59708-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495473Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:36.553{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53856-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495472Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:36.245{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-52033-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495471Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:36.120{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-38146-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495470Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:35.931{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-58552-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495469Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:35.930{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-17948-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495482Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:37.383{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-4331-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495481Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:37.380{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-43156-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495480Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:37.272{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-57151-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000495479Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:41.056{ED2ECF8A-9556-6086-0C00-00000000BB01}6848816C:\Windows\system32\svchost.exe{ED2ECF8A-9556-6086-1300-00000000BB01}648C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495478Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:41.056{ED2ECF8A-9556-6086-0C00-00000000BB01}6848760C:\Windows\system32\svchost.exe{ED2ECF8A-9556-6086-1300-00000000BB01}648C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495477Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:53:41.056{ED2ECF8A-9556-6086-0C00-00000000BB01}6848760C:\Windows\system32\svchost.exe{ED2ECF8A-9556-6086-1300-00000000BB01}648C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000495486Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:38.614{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-48283-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495485Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:38.591{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-9085-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495484Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:37.993{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-45746-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495483Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:37.965{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-6740-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495495Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:40.465{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-55735-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495494Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:40.194{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-42147-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495493Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:40.164{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-6469-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495492Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:39.873{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-40191-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495491Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:39.859{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-53261-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495490Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:39.551{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-38160-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495489Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:39.240{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-20898-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495488Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:39.240{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-50412-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495487Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:39.233{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-7950-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495503Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:41.627{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-1386-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495502Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:41.522{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-49184-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495501Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:41.516{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-21438-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495500Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:41.514{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-19752-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495499Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:41.197{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-17970-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495498Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:41.196{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-47179-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495497Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:41.034{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-58108-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495496Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:40.859{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-44021-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495511Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:42.784{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-54999-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495510Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:42.716{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-26344-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495509Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:42.467{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-53292-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495508Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:42.256{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-4017-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495507Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:42.158{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-50743-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495506Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:42.120{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-23916-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495505Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:42.010{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-20943-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495504Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:41.844{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-49874-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495517Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:43.988{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-31441-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495516Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:43.873{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-12117-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495515Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:43.744{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-59938-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495514Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:43.425{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-59143-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495513Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:43.106{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-57305-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495512Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:42.869{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-6460-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495523Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:44.703{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-6749-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495522Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:44.632{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-34792-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495521Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:44.519{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-13346-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495520Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:44.381{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-5016-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495519Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:44.311{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-32947-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495518Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:44.058{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-2908-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495532Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:46.056{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-40406-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495531Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:45.909{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-41461-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495530Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:45.892{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-15321-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495529Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:45.680{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-17985-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495528Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:45.589{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39562-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495527Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:45.468{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-37838-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495526Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:45.272{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37857-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495525Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:45.216{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-14394-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495524Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:44.952{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-36275-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191338Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:53:47.053{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in7090-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000495535Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:46.645{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-42768-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495534Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:46.520{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-16321-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495533Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:46.281{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-20383-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495542Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:47.824{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-47671-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495541Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:47.743{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-22924-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495540Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:47.426{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-21008-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495539Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:47.243{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-44955-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495538Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:47.223{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-17493-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495537Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:47.111{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-18241-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495536Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:46.874{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-22828-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495547Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:48.602{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-19808-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495546Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:48.519{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53285-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495545Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:48.203{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-52432-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495544Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:47.908{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-18774-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495543Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:47.885{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-51203-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495552Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:50.037{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-35287-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495551Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:49.842{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-21809-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495550Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:49.719{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-33882-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495549Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:49.685{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-34069-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495548Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:49.240{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-20806-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495557Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:50.844{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-38789-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495556Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:50.807{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-36886-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495555Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:50.605{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-58868-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495554Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:50.482{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-3865-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495553Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:50.269{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-36446-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495562Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:52.034{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-43661-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495561Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:51.818{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-5032-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495560Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:51.435{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-41102-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495559Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:51.210{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-2543-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495558Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:51.157{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-41096-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495565Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:52.744{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-14996-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495564Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:52.426{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-13497-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495563Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:52.424{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-7472-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495570Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:53.706{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-53875-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495569Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:53.693{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-27831-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495568Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:53.387{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-18140-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495567Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:53.065{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-17116-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495566Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:53.024{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-10132-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495571Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:54.020{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-55393-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495585Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:56.645{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-10635-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495584Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:56.635{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-34826-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495583Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:56.449{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-24362-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495582Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:56.325{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-8577-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495581Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:56.321{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-33100-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495580Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:56.047{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-1175-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495579Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:56.006{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-6992-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495578Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:56.002{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-31445-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495577Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:55.847{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-21813-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495576Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:55.682{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-29744-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495575Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:55.459{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-57683-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495574Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:55.362{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-28178-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495573Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:54.855{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-55184-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495572Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:54.380{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-28893-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495588Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:57.736{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-34376-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495587Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:56.955{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-11265-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495586Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:56.953{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-36390-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495591Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:58.907{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-22176-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495590Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:58.827{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-12594-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495589Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:58.572{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-35770-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495593Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:59.548{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-26077-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495592Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:53:59.227{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-24305-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495594Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:01.650{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-24130-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495596Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:02.352{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-39304-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495595Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:02.187{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-46951-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495597Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:04.168{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-45033-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495601Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:04.656{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-52833-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495600Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:04.475{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-35587-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495599Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:04.331{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-50980-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495598Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:04.186{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-13204-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495602Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:05.088{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-38117-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495606Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:07.048{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-9142-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495605Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:07.026{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-5195-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495604Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:06.438{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-6812-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495603Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:06.133{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-22947-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495610Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:08.098{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-32989-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495609Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:07.962{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-49882-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495608Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:07.709{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-50336-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495607Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:07.644{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-11815-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495617Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:09.097{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-52825-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495616Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:09.042{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37324-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495615Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:08.994{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-16632-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495614Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:08.724{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-35630-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495613Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:08.563{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-52426-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495612Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:08.409{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-34392-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495611Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:08.402{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-51728-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495621Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:10.002{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-42705-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495620Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:09.761{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-53924-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495619Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:09.682{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-41045-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495618Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:09.366{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39016-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495628Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:11.289{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-28073-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495627Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:11.062{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-55951-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495626Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:11.010{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-25697-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495625Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:10.972{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-27217-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495624Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:10.432{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-23195-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495623Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:10.393{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-54932-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495622Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:10.320{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-44046-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495633Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:12.297{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53905-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495632Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:12.164{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-30423-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495631Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:11.748{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-57098-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495630Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:11.583{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-28076-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495629Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:11.414{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-5073-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495640Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:13.348{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-35192-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495639Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:13.255{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-39039-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495638Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:13.074{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-59132-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495637Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:12.926{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-57170-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495636Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:12.760{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-32908-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495635Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:12.614{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-55520-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495634Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:12.414{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-58170-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191340Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:54:16.017{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse96.74.206.25096-74-206-250-static.hfc.comcastbusiness.net56575-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000191339Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:54:15.068{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in26561-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000495644Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:14.538{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-40249-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495643Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:14.253{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-16709-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495642Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:13.944{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-37788-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495641Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:13.569{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-41352-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495645Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:15.128{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-42742-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495647Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:16.316{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-58697-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495646Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:15.598{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-52940-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495649Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:17.027{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-27919-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495648Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:16.719{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-5927-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495654Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:18.681{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-27181-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495653Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:18.512{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-56884-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495652Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:18.366{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-25735-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495651Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:17.908{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-54313-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495650Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:17.656{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-30400-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495655Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:19.116{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-59329-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495657Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:20.266{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-11772-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495656Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:19.708{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-2876-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495661Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:21.275{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-40725-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495660Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:20.963{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-38959-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495659Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:20.633{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37063-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495658Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:20.569{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-42505-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191341Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:54:23.272{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-mumbai-dc.iris.local59053-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000495662Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:22.483{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-14380-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495665Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:23.715{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-17461-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495664Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:23.408{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-50722-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495663Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:23.393{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-53893-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495666Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:24.376{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-18339-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495669Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:25.679{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-3592-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495668Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:25.365{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-1774-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495667Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:25.268{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-25920-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495675Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:26.623{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-8336-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495674Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:26.465{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-30864-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495673Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:26.305{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-6812-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495672Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:26.230{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-6573-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495671Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:25.987{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-5133-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495670Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:25.863{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-28216-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495678Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:27.631{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-35795-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495677Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:27.051{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-33346-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495676Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:26.839{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-9015-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495681Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:28.807{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-40629-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495680Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:28.225{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-38144-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495679Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:28.148{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-24301-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495682Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:29.176{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-20706-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495683Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:29.710{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-20597-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495688Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:31.762{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-30292-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495687Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:31.585{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-19693-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495686Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:31.556{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-51973-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495685Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:31.446{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-32025-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495684Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:31.130{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-30405-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495701Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:33.168{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-28524-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495700Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:33.154{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-34850-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495699Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:32.882{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39307-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495698Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:32.856{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-26807-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495697Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:32.726{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-57014-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495696Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:32.565{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37686-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495695Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:32.533{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-24714-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495694Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:32.531{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-32310-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495693Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:32.246{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-35997-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495692Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:32.223{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-22582-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495691Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:32.140{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-54667-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495690Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:31.919{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-33638-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495689Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:31.906{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-20726-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495704Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:33.829{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-43929-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495703Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:33.507{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-42043-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495702Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:33.197{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-40574-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495706Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:34.462{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-47379-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495705Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:34.148{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-45793-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495714Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:36.020{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-46589-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495713Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:35.974{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-45103-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495712Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:35.664{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-42099-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495711Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:35.524{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-9572-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495710Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:35.348{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-39725-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495709Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:34.776{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-48817-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 11241100x8000000000000000495708Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostDefaultUserModified2021-04-28 08:54:39.235{ED2ECF8A-A73A-6088-1C46-00000000BB01}2820C:\Program Files\MinerGate\minergate.exeC:\Users\DefaultAccount\AppData\Local\minergate\miners.ini.Dq28202021-04-28 08:54:39.235 11241100x8000000000000000495707Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostDefaultUserModified2021-04-28 08:54:39.219{ED2ECF8A-A73A-6088-1C46-00000000BB01}2820C:\Program Files\MinerGate\minergate.exeC:\Users\DefaultAccount\AppData\Local\minergate\miners.ini.lock2021-04-28 08:54:39.219 354300x8000000000000000495719Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:36.930{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-49584-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495718Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:36.741{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-58908-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495717Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:36.616{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-49031-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495716Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:36.609{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-47730-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495715Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:36.290{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-46671-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495725Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:37.886{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-55763-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495724Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:37.831{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-53946-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495723Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:37.570{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-53687-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495722Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:37.252{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-51430-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495721Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:37.226{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-51496-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495720Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:37.105{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-39032-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495731Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:39.014{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-58801-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495730Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:38.742{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-59963-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495729Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:38.725{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-9669-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495728Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:38.424{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-57918-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495727Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:38.420{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-56388-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495726Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:38.308{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-20980-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495734Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:39.616{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-2267-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495733Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:39.381{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-3882msdts1false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495732Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:39.064{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-2966-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495735Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:40.226{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-4734-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191342Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:54:43.082{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in57326-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000495740Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:41.685{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-34886-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495739Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:41.646{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-16939-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495738Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:41.330{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-14555-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495737Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:41.085{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-32607-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495736Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:40.694{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-19523-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495746Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:42.880{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-30179-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495745Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:42.614{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-22860-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495744Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:42.328{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-47569-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495743Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:42.289{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-21145-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495742Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:42.282{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-37474-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495741Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:41.966{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-18866-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495762Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:45.157{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-41723-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495761Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:45.079{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-49002-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495760Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:45.037{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-35491-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495759Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:44.842{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39965-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495758Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:44.721{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-33326-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495757Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:44.562{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-50476-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495756Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:44.403{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-31544-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495755Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:44.228{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-21008-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495754Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:44.082{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-30349-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495753Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:43.936{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-49475-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495752Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:43.764{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-28792-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495751Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:43.637{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-18575-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495750Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:43.441{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-27042-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495749Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:43.140{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-48348-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495748Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:43.121{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-24017-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495747Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:43.040{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-16171-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495768Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:45.806{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-52830-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495767Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:45.672{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-51538-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495766Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:45.661{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-39770-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495765Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:45.471{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-43508-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495764Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:45.351{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-38064-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495763Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:45.160{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-51412-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495772Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:47.055{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-32479-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495771Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:46.866{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-56405-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495770Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:46.528{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-53905-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495769Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:46.267{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-53999-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495777Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:47.876{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-55674-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495776Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:47.671{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-35068-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495775Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:47.467{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-58969-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495774Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:47.435{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-53532-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495773Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:47.228{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-54718-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495786Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:49.095{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-56671-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495785Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:48.815{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-39816-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495784Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:48.777{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-55981-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495783Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:48.724{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-5234-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495782Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:48.701{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-56653-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495781Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:48.460{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-55103-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495780Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:48.239{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-37300-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495779Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:48.142{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-2785-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495778Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:48.138{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-52150-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495796Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:50.049{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-4530-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495795Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:50.002{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-6981-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495794Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:49.923{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-10274-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495793Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:49.734{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-1985-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495792Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:49.686{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-5589-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495791Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:49.413{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-57805-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495790Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:49.405{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-42160-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495789Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:49.388{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-58428-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495788Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:49.374{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-4315-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495787Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:49.316{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-7542-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495805Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:51.039{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-1490-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495804Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:51.006{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-8344-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495803Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:50.961{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-11807-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495802Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:50.684{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-7240-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495801Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:50.628{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-10092-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495800Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:50.509{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-12520-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495799Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:50.370{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-6315-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495798Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:50.320{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-8488-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495797Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:50.294{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-59759-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495813Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:52.187{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-53446-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495812Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:52.025{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-16831-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495811Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:51.953{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-14774-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495810Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:51.704{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-14763-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495809Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:51.650{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-2589-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495808Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:51.637{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-12514-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495807Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:51.319{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-10780-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495806Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:51.285{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-13640-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495824Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:54.001{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-26624-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495823Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:53.908{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-23989-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495822Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:53.906{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-26859-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495821Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:53.580{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-23046-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495820Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:53.420{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-58440-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495819Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:53.289{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-24261-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495818Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:53.255{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-21434-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495817Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:52.909{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-17461-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495816Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:52.798{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-55934-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495815Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:52.272{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-16204-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495814Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:52.267{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-3595-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495831Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:54.845{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-28372-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495830Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:54.650{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-4404-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495829Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:54.530{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-26665-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495828Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:54.519{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-29317-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495827Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:54.320{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-28125-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495826Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:54.216{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-24900-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495825Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:54.037{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-2034-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495832Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:55.111{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-31829-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495836Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:55.860{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-9405-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495835Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:55.478{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-32379-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495834Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:55.252{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-6914-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495833Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:55.162{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-30424-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495841Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:57.093{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-14415-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495840Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:57.090{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-41946-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495839Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:56.779{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39610-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495838Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:56.472{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-11870-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495837Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:56.300{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-38243-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495850Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:58.283{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-19197-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495849Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:58.065{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-45749-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495848Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:58.040{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-46496-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495847Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:57.944{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-12942-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495846Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:57.896{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-43382-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495845Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:57.749{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-43463-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495844Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:57.726{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-45269-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495843Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:57.690{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-16894-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495842Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:57.415{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-43558-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495854Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:59.001{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-49988-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495853Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:58.923{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-21827-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495852Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:58.680{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-48722-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495851Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:58.372{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-47480-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495861Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:00.270{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-57909-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495860Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:00.192{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-26765-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495859Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:59.998{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-56243-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495858Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:59.961{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-56069-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495857Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:59.644{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-54457-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495856Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:59.580{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-24397-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495855Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:54:59.322{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-52592-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495870Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:01.590{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-6232-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495869Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:01.472{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-32034-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495868Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:01.283{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-4614-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495867Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:00.910{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-2191-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495866Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:00.902{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-55887-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495865Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:00.785{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-29258-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495864Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:00.785{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-1352-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495863Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:00.588{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-59049-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495862Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:00.316{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-57697-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495873Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:02.073{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-34545-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495872Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:01.905{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-7759-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495871Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:01.794{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-19212-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495879Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:03.374{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-14051-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495878Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:03.306{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-39370-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495877Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:03.101{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-11634-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495876Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:03.058{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-12715-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495875Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:02.686{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-36858-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495874Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:02.221{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-9341-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495883Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:04.408{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-11268-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495882Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:03.910{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-41891-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495881Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:03.812{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-8778-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495880Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:03.686{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-15507-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495886Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:05.324{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-24875-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495885Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:05.150{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-46913-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495884Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:04.529{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-44321-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495892Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:06.438{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-15735-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495891Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:06.266{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-29361-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495890Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:05.951{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-27502-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495889Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:05.941{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-25973-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495888Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:05.640{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-25680-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495887Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:05.583{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse217.20.187.99-asd-gw.cslviv.lv.wnet.ua62577-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495898Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:07.234{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-28097-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495897Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:07.234{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-23031-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495896Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:07.074{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-33530-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495895Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:06.757{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-31268-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495894Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:06.694{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-31156-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495893Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:06.591{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-26985-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495904Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:08.432{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-28024-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495903Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:08.307{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-39496-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495902Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:07.994{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-38095-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495901Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:07.991{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-58557-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495900Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:07.840{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-25614-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495899Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:07.665{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-35109-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191343Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:55:11.097{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in54619-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000495913Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:09.778{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-6845-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495912Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:09.637{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-33078-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495911Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:09.291{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-43866-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495910Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:09.181{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-4427-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495909Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:09.036{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-30372-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495908Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:08.973{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-42299-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495907Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:08.657{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-40859-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495906Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:08.622{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-40978-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495905Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:08.576{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-2048-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495915Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:10.388{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-9332-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495914Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:10.229{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-35502-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495923Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:11.572{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-57621-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495922Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:11.420{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-40463-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495921Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:11.398{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-35022-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495920Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:11.253{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-55798-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495919Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:10.944{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-53976-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495918Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:10.812{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-37978-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495917Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:10.757{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-33764-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495916Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:10.626{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-51619-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495930Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:12.448{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-59799-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495929Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:12.445{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-1600-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495928Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:12.129{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-58349-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495927Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:12.122{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-35934-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495926Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:12.014{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-42989-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495925Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:11.890{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-59244-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495924Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:11.811{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-56210-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495936Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:13.445{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-37876-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495935Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:13.176{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-20809-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495934Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:13.111{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-6956-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495933Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:12.791{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-5048-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495932Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:12.783{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-36954-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495931Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:12.767{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-2287-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495942Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:14.826{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-54589-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495941Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:14.722{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-11588-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495940Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:14.696{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-40163-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495939Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:14.385{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-25498-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495938Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:14.092{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-38949-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495937Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:13.782{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-23016-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000495972Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495971Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495970Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495969Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495968Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495967Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495966Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495965Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495964Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495963Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495962Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495961Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495960Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495959Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A731-6088-1746-00000000BB01}5532C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495958Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495957Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495956Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495955Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495954Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495953Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495952Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495951Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1846-00000000BB01}3952C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495950Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495949Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000495948Microsoft-Windows-Sysmon/Operationalproject-mumbai-host-2021-04-28 08:55:19.856{ED2ECF8A-9556-6086-0D00-00000000BB01}736768C:\Windows\system32\svchost.exe{ED2ECF8A-A733-6088-1946-00000000BB01}9092C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000495947Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:15.422{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-57128-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495946Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:15.398{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-41204-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495945Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:15.397{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-18460-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495944Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:15.082{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-17456-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495943Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:14.986{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-28012-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495979Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:16.340{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-23795-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495978Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:16.212{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-32952-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495977Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:16.079{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-42351-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495976Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:16.020{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-21651-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495975Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:16.003{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-59642-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495974Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:15.708{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-20030-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495973Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:15.601{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-30501-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495991Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:18.019{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-45233-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495990Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:18.014{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-40333-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495989Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:17.854{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-31667-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495988Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:17.542{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-30043-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495987Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:17.412{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-37983-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495986Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:17.381{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-44196-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495985Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:17.207{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-27208-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495984Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:17.001{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23000-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495983Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:16.806{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-35468-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495982Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:16.744{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-43131-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495981Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:16.689{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21433-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495980Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:16.653{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-25939-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191344Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:55:20.279{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-mumbai-dc.iris.local53104-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000495997Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:19.585{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-36304-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495996Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:19.476{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-47653-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495995Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:19.270{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-34740-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495994Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:18.956{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-33170-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495993Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:18.751{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-46339-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495992Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:18.744{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-12074-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496005Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:20.839{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-51816-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496004Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:20.838{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-49655-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496003Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:20.731{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-48336-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496002Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:20.416{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-46432-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496001Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:20.156{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-48669-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496000Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:20.105{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-44321-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495999Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:19.906{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37980-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000495998Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:19.789{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-42959-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496008Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:21.517{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-23590-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496007Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:21.478{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-50762-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496006Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:21.424{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-54487-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496014Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:22.687{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-59549-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496013Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:22.522{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-50657-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496012Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:22.215{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-49250-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496011Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:22.118{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-26084-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496010Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:22.117{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-51767-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496009Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:21.903{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-47713-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496019Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:23.318{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-2820-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496018Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:23.158{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-52906-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496017Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:23.000{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-53058-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496016Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:22.999{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-1839-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496015Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:22.838{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-51759-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496025Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:24.584{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-10970-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496024Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:24.270{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-9377-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496023Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:24.252{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-7043-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496022Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:23.959{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-7281-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496021Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:23.640{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-5178-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496020Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:23.472{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-54736-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496028Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:25.862{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-8219-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496027Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:25.545{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-40409-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496026Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:24.932{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-37780-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496034Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:26.857{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-12931-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496033Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:26.827{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-22270-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496032Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:26.536{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-11382-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496031Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:26.429{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-58623-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496030Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:26.183{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-9694-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496029Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:26.147{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-42990-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496038Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:27.175{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-14370-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496037Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:27.137{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-24629-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496036Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:27.080{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-18776-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496035Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:27.075{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-59682-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496048Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:28.752{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-22773-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496047Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:28.701{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-32990-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496046Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:28.445{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-21256-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496045Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:28.384{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-31179-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496044Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:28.127{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-19309-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496043Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:28.075{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-28924-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496042Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:27.815{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-17471-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496041Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:27.764{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-27741-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496040Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:27.494{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-15720-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496039Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:27.449{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-26355-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496053Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:29.884{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-30212-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496052Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:29.706{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-27238-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496051Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:29.385{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-25629-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496050Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:29.069{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-24342-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496049Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:28.975{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-54544-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496057Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:30.972{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-46857-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496056Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:30.665{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-44852-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496055Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:30.523{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-6269-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496054Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:30.502{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-32879-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496064Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:31.787{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-8482-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496063Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:31.756{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-7198-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496062Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:31.720{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-48506-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496061Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:31.687{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37380-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496060Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:31.684{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-37680-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496059Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:31.141{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-7415-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496058Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:31.108{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-35288-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496070Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:32.948{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-12174-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496069Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:32.427{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-54578-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496068Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:32.421{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-9373-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496067Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:32.352{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-9811-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496066Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:32.283{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-40061-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496065Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:32.104{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-51341-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000191363Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:38.379{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191362Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:38.379{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191361Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:38.379{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191360Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:38.379{CCAA35FA-8EBB-6086-0B00-00000000BA01}5884424C:\Windows\system32\lsass.exe{CCAA35FA-8EB9-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000191359Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:38.269{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191358Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:38.269{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191357Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:38.269{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191356Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:38.269{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191355Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:38.269{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191354Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:38.269{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191353Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:38.269{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191352Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:38.269{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191351Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:38.269{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191350Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:38.269{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191349Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:38.269{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191348Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:38.269{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191347Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:38.269{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191346Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:38.269{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191345Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:38.269{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1400-00000000BA01}880C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000496074Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:34.183{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-17239-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496073Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:33.952{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-48905-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496072Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:33.637{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-47420-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496071Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:33.576{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-14724-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496078Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:35.048{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-51275-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496077Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:34.792{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-19753-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496076Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:34.387{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-5582-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496075Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:34.260{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-50458-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496079Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:35.668{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-53720-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496081Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:36.767{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-16872-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496080Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:36.260{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-1337-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496083Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:37.608{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-31503-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496082Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:37.077{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-19968-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496090Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:39.034{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-30183-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496089Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:39.020{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-8535-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496088Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:38.872{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-14014-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496087Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:38.555{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-12866-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496086Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:38.428{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-6085-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496085Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:38.237{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-11217-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496084Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:38.199{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-33957-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191364Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:55:39.097{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in49061-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000496093Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:39.980{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-34958-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496092Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:39.668{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-32904-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496091Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:39.346{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-31668-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496097Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:41.166{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-24213-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496096Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:40.987{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-45469-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496095Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:40.607{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-38634-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496094Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:40.294{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-36658-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 10341000x8000000000000000191367Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:45.051{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1500-00000000BA01}1208C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191366Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:45.051{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1500-00000000BA01}1208C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000191365Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.local-2021-04-28 08:55:45.051{CCAA35FA-8EBD-6086-0C00-00000000BA01}7843912C:\Windows\system32\svchost.exe{CCAA35FA-8EBD-6086-1500-00000000BA01}1208C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000496103Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:43.007{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-24697-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496102Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:42.564{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-25550-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496101Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:42.427{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-22331-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496100Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:41.849{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-19972-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496099Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:41.560{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-47836-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496098Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:41.475{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-26450-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496104Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:43.133{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-50618-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496114Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:45.049{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-44464-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496113Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:44.732{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-42562-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496112Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:44.414{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-40844-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496111Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:44.338{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-29015-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496110Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:44.322{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-59098-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496109Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:44.094{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39256-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496108Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:43.773{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-38149-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496107Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:43.610{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-27092-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496106Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:43.584{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-26998-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496105Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:43.452{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-53082-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496115Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:45.131{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-29559-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496124Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:46.507{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-10427-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496123Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:46.496{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-38803-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496122Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:46.417{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-51169-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496121Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:46.101{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-49272-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496120Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:46.052{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-8666-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496119Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:45.735{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-6966-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496118Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:45.673{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-47548-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496117Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:45.426{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-5136-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496116Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:45.362{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-46191-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496127Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:47.140{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-11851-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496126Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:47.103{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-41399-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496125Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:46.829{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-12436-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496129Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:47.734{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-14365-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496128Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:47.695{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-43809-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496135Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:49.110{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-24858-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496134Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:48.933{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-19287-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496133Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:48.801{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-23266-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496132Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:48.709{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-4633-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496131Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:48.395{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-2941-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496130Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:48.327{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-16783-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496141Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:50.481{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-38132-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496140Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:50.456{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-55101-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496139Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:50.154{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-24418-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496138Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:49.736{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-28353-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496137Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:49.549{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-21772-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496136Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:49.427{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-26111-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496145Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:51.144{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-39264-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496144Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:51.120{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-16412-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496143Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:50.742{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-26452-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496142Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:50.651{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-14424-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496150Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:52.297{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-41585-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496149Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:51.986{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-40703-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496148Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:51.831{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-40125-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496147Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:51.667{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-38968-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496146Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:51.441{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-17867-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496155Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:53.293{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-7453-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496154Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:53.238{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-48130-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496153Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:52.923{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-45705-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496152Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:52.607{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-42680-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496151Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:52.491{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-41264-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496160Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:54.171{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-40914-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496159Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:53.884{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-9969-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496158Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:53.552{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-38377-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496157Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:53.551{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-50085-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496156Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:53.404{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-27760-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496163Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:55.355{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37438-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496162Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:54.776{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-43398-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496161Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:54.526{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-12479-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496176Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:56.826{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-48549-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496175Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:56.740{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-8292-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496174Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:56.720{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-44664-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496173Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:56.549{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-50965-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496172Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:56.424{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-6492-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496171Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:56.411{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-42996-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496170Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:56.181{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-47112-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496169Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:56.104{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-3729-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496168Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:56.089{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-41043-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496167Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:55.969{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-48428-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496166Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:55.672{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-39034-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496165Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:55.517{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-1787-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496164Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:55.372{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-45943-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496181Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:57.443{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-24197-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496180Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:57.372{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-10264-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496179Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:57.125{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-53396-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496178Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:57.053{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-8937-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496177Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:57.033{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-45924-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496185Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:58.031{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-26825-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496184Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:58.003{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-14664-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496183Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:57.715{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-55755-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496182Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:57.690{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-12670-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496192Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:59.429{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-32402-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496191Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:59.125{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-20565-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496190Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:58.998{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-56275-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496189Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:58.636{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-29124-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496188Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:58.634{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-18190-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496187Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:58.323{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-16557-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496186Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:55:58.307{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-58080-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496193Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:00.037{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-34825-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496198Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:01.333{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-9049-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496197Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:01.177{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-31846-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496196Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:01.132{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-55271-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496195Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:01.069{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-10481-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496194Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:00.453{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-54216-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496211Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:02.947{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-46718-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496210Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:02.859{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-17979-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496209Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:02.756{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-39830-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496208Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:02.437{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-37994-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496207Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:02.368{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-57125-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496206Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:02.249{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-15412-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496205Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:02.120{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-35820-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496204Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:01.969{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-12027-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496203Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:01.811{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-34847-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496202Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:01.763{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-56087-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496201Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:01.658{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-13061-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496200Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:01.651{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-10936-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496199Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:01.492{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-33607-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496214Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:03.558{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-49264-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496213Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:03.452{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-20218-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496212Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:03.006{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-58202-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496219Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:04.567{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-25520-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496218Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:04.290{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-1524ingreslockfalse10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496217Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:04.256{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-23885-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496216Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:03.940{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-22228-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496215Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:03.665{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-59219-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496223Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:05.046{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-53878-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496222Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:05.037{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-2455-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496221Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:04.885{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-27171-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496220Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:04.719{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-51946-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191368Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:56:07.084{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in11151-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000496229Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:06.839{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-34575-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496228Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:06.536{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-4794-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496227Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:06.362{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-1598-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496226Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:06.249{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-32006-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496225Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:05.828{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-3561-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496224Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:05.698{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-56327-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496234Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:07.666{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-8955-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496233Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:07.546{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-6514-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496232Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:07.269{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-5401-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496231Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:07.148{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-38387-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496230Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:06.958{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-4063-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496241Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:08.746{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-11261-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496240Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:08.617{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-7659-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496239Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:08.604{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-13154-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496238Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:08.291{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-12036-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496237Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:08.133{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-8819-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496236Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:08.013{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-6803-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496235Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:07.980{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-10881-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496246Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:09.791{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-52200-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496245Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:09.635{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-46108-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496244Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:09.474{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-50391-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496243Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:09.365{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-9822-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496242Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:09.159{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-48839-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496250Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:10.577{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-24819-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496249Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:10.410{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-55750-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496248Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:10.246{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-48543-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496247Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:10.097{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-54315-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496255Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:11.603{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-22853-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496254Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:11.538{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-29145-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496253Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:11.219{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-28433-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496252Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:10.902{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-26753-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496251Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:10.862{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-57456-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496260Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:12.815{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-27584-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496259Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:12.504{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-35076-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496258Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:12.203{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-25293-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496257Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:12.178{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-32902-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496256Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:11.858{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-30607-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496268Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:13.821{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-13609-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496267Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:13.748{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-16515-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496266Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:13.505{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-12111-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496265Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:13.427{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-30174-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496264Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:13.156{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-10442-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496263Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:13.131{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-15299-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496262Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:13.034{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-1189-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496261Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:12.842{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-8862-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496274Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:14.645{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-35084-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496273Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:14.493{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-46689-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496272Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:14.484{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-17682-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496271Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:14.452{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-16879-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496270Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:14.137{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-15296-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496269Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:14.032{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-32629-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496281Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:15.880{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-12843-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496280Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:15.876{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-40113-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496279Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:15.664{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-53039-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496278Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:15.358{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-51483-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496277Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:15.264{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-18668-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496276Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:15.255{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-37717-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496275Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:14.993{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-48176-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496286Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:16.737{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-28187-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496285Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:16.546{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-20697-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496284Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:16.492{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-15686-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496283Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:16.412{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-26633-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496282Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:15.902{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-19795-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496293Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:17.682{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-31747-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496292Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:17.668{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-20171-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496291Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:17.615{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-4721-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496290Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:17.368{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-29974-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496289Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:17.244{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-22038-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496288Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:17.084{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-17951-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496287Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:17.048{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-29103-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000191369Microsoft-Windows-Sysmon/Operationalproject-mumbai-dc.iris.localRDP2021-04-28 08:56:18.223{CCAA35FA-8EBD-6086-0F00-00000000BA01}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-mumbai-dc.iris.local63576-false10.0.1.14project-mumbai-dc.iris.local3389ms-wbt-server 354300x8000000000000000496300Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:18.735{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-51831-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496299Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:18.629{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-37277-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496298Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:18.624{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-23380-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496297Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:18.314{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-35652-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496296Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:18.263{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.168-22791-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496295Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:17.995{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.90-33230-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496294Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:17.899{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-23045-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496310Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:19.990{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.166.111-26524-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496309Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:19.937{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.219.52.167-56613-false10.0.1.15project-mumbai-host.ap-south-1.compute.internal3389ms-wbt-server 354300x8000000000000000496308Microsoft-Windows-Sysmon/Operationalproject-mumbai-hostRDP2021-04-28 08:56:19.583{ED2ECF8A-9556-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.24-15251-false10.0.1.15project-mumbai-host.ap-s