354300x8000000000000000221478Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:26.510{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-34446-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221479Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:27.630{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-42541-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221480Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:28.805{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-50558-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221481Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:29.968{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-58135-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221483Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:32.542{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-17667-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221482Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:31.293{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-8015-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221484Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:33.826{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-25937-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221485Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:35.266{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-34864-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221486Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:36.510{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-43924-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221487Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:38.116{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-53040-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221488Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:39.386{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-2829-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221489Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:40.547{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-11302-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221490Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:41.760{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-19363-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185707Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:38:41.683{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in37130-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221491Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:42.092{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in12514-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221492Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:43.164{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-28305-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221493Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:44.555{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-38128-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000221529Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221528Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221527Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221526Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221525Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221524Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221523Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221522Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221521Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221520Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221519Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221518Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221517Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221516Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221515Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221514Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221513Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221512Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221511Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221510Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221509Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221508Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221507Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221506Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221505Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221504Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221503Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221502Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221501Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221500Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221499Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221498Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221497Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221496Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221495Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221494Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:38:49.833{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000185708Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:38:46.484{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk1200-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221530Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:46.131{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-47537-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221532Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:47.492{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-57427-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221531Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:46.721{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk14836-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185709Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:38:48.010{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse39.129.165.93-63105-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221533Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:48.570{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-6741-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221534Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:49.792{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-15244-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221535Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:51.009{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-22337-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221536Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:52.444{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-31612-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221537Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:53.696{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-40610-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221538Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:55.133{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-49923-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221539Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:56.400{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-59733-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221540Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:57.481{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-9272-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221542Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:59.868{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-24964-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221541Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:38:58.654{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-17025-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221543Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:01.458{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-33525-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221544Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:02.869{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-42238-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221545Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:04.110{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-51769-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221546Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:05.470{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-1405-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221547Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:06.778{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-10993-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221548Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:07.896{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-19435-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221549Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:09.058{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-27254-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221551Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:10.217{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-35752-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221550Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:10.059{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in59525-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185710Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:39:09.652{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in16459-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221552Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:11.460{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-44202-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221553Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:12.604{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-52478-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221554Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:13.796{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-1934-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221555Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:14.922{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-10458-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221556Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:16.153{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-17324-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221558Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:17.760{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-28267-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221557Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:17.519{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk12919-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185711Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:39:17.428{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk13067-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185712Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:39:18.732{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.155.205.159-22428-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221560Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:19.134{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.155.205.159-22399-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221559Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:19.019{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-36200-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221562Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:21.500{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-53314-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221561Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:20.285{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-44858-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221563Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:22.630{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-2974-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221564Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:23.810{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-10876-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221565Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:25.049{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-19423-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221566Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:26.216{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-28034-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221567Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:27.956{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-37622-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221568Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:29.326{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-46349-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221569Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:30.535{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-55321-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221570Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:31.715{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-4380-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221571Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:32.996{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-13107-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221572Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:34.239{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-21912-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221573Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:35.663{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-31189-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221574Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:36.955{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-40751-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000185732Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:39:41.747{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185731Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:39:41.747{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185730Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:39:41.747{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185729Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:39:41.747{E74F01E8-8FBD-6086-0B00-00000000BA01}5844704C:\Windows\system32\lsass.exe{E74F01E8-8FBA-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000185728Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:39:41.638{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185727Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:39:41.638{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185726Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:39:41.638{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185725Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:39:41.638{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185724Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:39:41.638{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185723Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:39:41.638{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185722Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:39:41.638{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185721Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:39:41.638{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185720Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:39:41.638{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185719Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:39:41.638{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185718Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:39:41.638{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185717Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:39:41.638{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185716Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:39:41.638{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185715Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:39:41.638{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185714Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:39:41.638{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000185713Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:39:37.669{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in57183-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221576Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:38.084{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in11863-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221575Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:38.069{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-48942-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221577Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:39.259{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-57613-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221578Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:40.760{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-7412-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221579Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:42.009{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-16229-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221580Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:43.218{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-24642-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221581Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:44.464{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-33248-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221582Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:45.924{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-41953-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221583Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:47.204{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-50740-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221584Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:48.380{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-59589-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221585Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:49.560{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-8661-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221586Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:50.834{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-17127-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221587Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:52.121{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-25893-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185733Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:39:52.998{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk14858-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221589Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:53.267{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-34397-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221588Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:53.212{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk14742-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221590Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:54.464{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-42464-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221591Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:55.878{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-51286-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221592Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:57.121{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-1209-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221593Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:58.295{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-9765-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221594Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:39:59.496{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-18346-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000185736Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:40:03.388{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185735Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:40:03.388{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185734Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:40:03.388{E74F01E8-8FBF-6086-0C00-00000000BA01}7762152C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000221595Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:00.777{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-25839-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221596Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:02.026{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-35859-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221597Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:03.143{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-43830-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221598Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:04.954{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-53364-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221600Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:06.303{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-3320-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221599Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:06.082{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in26029-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185737Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:40:05.679{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in59212-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221601Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:07.579{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-12948-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221602Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:08.743{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-20805-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221603Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:09.897{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-29071-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221605Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:12.312{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-45417-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221604Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:11.180{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-36736-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221606Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:13.480{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-53392-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221607Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:14.630{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-2973-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221608Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:16.167{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-11190-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221609Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:17.315{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-20941-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221610Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:18.680{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-29486-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221611Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:20.181{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-39082-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221612Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:21.316{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-48362-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221613Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:23.039{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-57486-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221615Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:25.258{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk13421-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221614Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:24.552{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-8492-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221616Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:25.817{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-17718-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221617Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:27.518{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-29019-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185738Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:40:27.977{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk13512-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221618Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:28.647{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-37371-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221619Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:29.815{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-44957-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221620Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:31.471{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-55798-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221621Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:32.608{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-4905-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221622Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:34.071{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in51734-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185739Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:40:33.650{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in22693-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221623Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:34.444{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-13865-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221624Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:35.846{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-23582-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221625Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:36.994{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-32327-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221627Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:39.995{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-50647-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221626Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:38.429{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-40877-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221628Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:41.296{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-1548-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221629Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:42.411{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-10054-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221630Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:43.720{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-17907-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221631Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:44.862{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-26652-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221632Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:46.234{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-35015-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000221668Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221667Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221666Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221665Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221664Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221663Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221662Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221661Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221660Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221659Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221658Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221657Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221656Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221655Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221654Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221653Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221652Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221651Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221650Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221649Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221648Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221647Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221646Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221645Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221644Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221643Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221642Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221641Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221640Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221639Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221638Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221637Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221636Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221635Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221634Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221633Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:40:50.843{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000221670Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:48.906{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-53448-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221669Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:47.668{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-44098-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221671Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:50.050{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-2648-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221672Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:51.926{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-12420-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221673Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:53.327{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-20499-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221674Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:54.923{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-32053-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221675Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:56.036{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-40002-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185740Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:40:56.495{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk12169-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221677Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:57.175{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-47670-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221676Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:56.684{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk11965-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221678Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:40:58.681{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-56220-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221679Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:00.020{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-4928-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185741Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:41:01.600{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in23178-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221680Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:01.239{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-14077-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221681Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:02.017{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in38067-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221682Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:02.916{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-23192-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221683Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:04.264{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-31801-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221684Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:05.515{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-41267-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221685Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:06.932{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-51307-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221687Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:09.648{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-9120-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221686Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:08.108{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-58247-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221688Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:11.071{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-18866-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221689Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:12.221{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-27732-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221690Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:13.352{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-36547-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221691Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:14.679{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-44284-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221693Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:17.130{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-2923-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221692Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:15.994{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-53179-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221694Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:18.513{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-12660-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221705Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:19.677{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-20246-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 13241300x8000000000000000221704Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:41:23.333{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000221703Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:41:23.333{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x09e4839b) 13241300x8000000000000000221702Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:41:23.333{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c01-0xe2d08e6a) 13241300x8000000000000000221701Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:41:23.333{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0a-0x4494f66a) 13241300x8000000000000000221700Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:41:23.333{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c12-0xa6595e6a) 13241300x8000000000000000221699Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:41:23.333{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000221698Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:41:23.333{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x09e4839b) 13241300x8000000000000000221697Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:41:23.333{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c01-0xe2d08e6a) 13241300x8000000000000000221696Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:41:23.333{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0a-0x4494f66a) 13241300x8000000000000000221695Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:41:23.333{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c12-0xa6595e6a) 354300x8000000000000000221706Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:20.966{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-29323-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221707Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:22.847{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-39032-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221708Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:24.383{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-48866-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221709Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:25.556{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-58047-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221711Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:27.071{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk8804-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221710Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:26.706{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-7229-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185742Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:41:27.078{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk9245-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221713Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:29.347{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-24208-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221712Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:28.013{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-15669-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185743Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:41:29.615{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in20102-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221715Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:30.496{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-33120-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221714Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:30.021{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in28147-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221716Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:31.948{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-43301-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221717Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:34.495{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-56210-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221718Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:35.758{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-7101-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221719Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:37.344{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-18347-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221721Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:40.057{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-32357-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 13241300x8000000000000000221720Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:41:43.739{4C77B871-9763-6086-1400-00000000BB01}1028C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d73c0a-0x5105d134) 354300x8000000000000000221722Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:41.241{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-41894-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221723Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:42.401{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-50360-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221724Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:43.685{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-58301-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221726Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:46.441{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-16936-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221725Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:45.029{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-7479-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221727Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:48.449{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-29240-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221728Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:49.978{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-40324-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221729Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:51.151{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-49325-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221730Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:52.525{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-58000-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221732Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:55.743{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-17391-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221731Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:54.266{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-8680-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221734Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:57.656{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk6121-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221733Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:57.189{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-27062-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221736Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:58.580{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-36696-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 13241300x8000000000000000185748Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:42:02.391{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\BD98497A-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_BD98497A-0000-0000-0000-100000000000.XML 13241300x8000000000000000185747Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:42:02.376{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Config SourceDWORD (0x00000001) 13241300x8000000000000000185746Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:42:02.376{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_4FA15643-EFBD-40F1-AD20-B67AEE8B2612.XML 354300x8000000000000000185745Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:41:57.672{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in18846-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185744Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:41:57.591{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk6562-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221735Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:58.096{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in58325-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221737Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:41:59.754{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-45086-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221738Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:00.921{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-53842-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221739Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:02.242{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-2224-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221740Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:03.529{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-11587-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221741Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:05.468{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-23837-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221742Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:06.717{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-33380-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221743Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:08.168{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-43777-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221744Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:09.740{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-52551-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185749Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:42:10.263{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.2.147-51091-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221745Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:11.043{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-2357-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221746Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:12.323{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-11013-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221747Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:13.857{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-19992-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221748Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:15.082{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-28899-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221749Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:16.504{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-38032-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221750Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:17.785{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-48473-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221751Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:18.925{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-56865-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221752Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:20.553{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-6465-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221756Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:22.397{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-17086-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000221755Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:25.333{4C77B871-9762-6086-0C00-00000000BB01}6882616C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221754Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:25.333{4C77B871-9762-6086-0C00-00000000BB01}6882616C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221753Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:25.333{4C77B871-9762-6086-0C00-00000000BB01}6882616C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000221757Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:23.882{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-26738-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221760Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:26.567{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-45571-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221759Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:26.107{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in19086-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221758Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:25.203{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-36242-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221762Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:27.808{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-54998-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221761Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:27.703{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk2959-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185751Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:42:27.393{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk3089-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185750Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:42:25.707{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in27069-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221763Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:29.156{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-5496-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221764Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:30.315{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-13334-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221765Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:32.232{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-23556-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221766Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:33.558{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-33734-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221767Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:34.966{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-42889-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221768Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:36.237{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-53111-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221769Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:38.649{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-6286-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000185753Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:42:43.144{E74F01E8-8FC0-6086-1600-00000000BA01}11921448C:\Windows\system32\svchost.exe{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185752Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:42:43.144{E74F01E8-8FC0-6086-1600-00000000BA01}11921448C:\Windows\system32\svchost.exe{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000221770Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:39.997{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-15849-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221771Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:41.148{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-24302-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 13241300x8000000000000000185763Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:42:47.956{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000185762Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:42:47.956{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a03a90e) 13241300x8000000000000000185761Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:42:47.956{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c02-0x146257f0) 13241300x8000000000000000185760Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:42:47.956{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0a-0x7626bff0) 13241300x8000000000000000185759Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:42:47.956{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c12-0xd7eb27f0) 13241300x8000000000000000185758Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:42:47.956{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000185757Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:42:47.956{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a03a90e) 13241300x8000000000000000185756Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:42:47.956{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c02-0x146257f0) 13241300x8000000000000000185755Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:42:47.956{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0a-0x7626bff0) 13241300x8000000000000000185754Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:42:47.956{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c12-0xd7eb27f0) 354300x8000000000000000221772Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:42.480{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-32554-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221773Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:43.674{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-40807-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221774Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:45.337{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-49942-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000221811Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221810Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221809Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221808Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221807Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221806Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221805Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221804Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221803Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221802Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221801Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221800Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221799Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221798Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221797Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221796Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221795Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221794Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221793Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221792Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221791Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221790Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221789Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221788Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221787Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221786Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221785Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221784Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221783Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221782Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221781Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221780Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221779Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221778Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221777Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221776Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:42:51.864{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000221775Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:47.066{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-59632-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221812Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:48.328{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-9944-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221813Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:49.525{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-18280-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221814Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:51.170{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-28361-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185764Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:42:51.628{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.155.205.159-36420-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221816Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:52.564{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-37220-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221815Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:52.006{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.155.205.159-36363-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221818Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:54.127{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in4750-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221817Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:53.793{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-46660-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221819Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:54.972{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-55381-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185765Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:42:53.714{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in1889-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221820Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:56.392{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-5066-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221821Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:57.540{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk13888-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221822Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:58.010{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-15254-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185766Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:42:57.464{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk14294-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221823Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:42:59.409{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-25723-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221824Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:00.618{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-34059-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221825Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:01.900{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-42830-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221826Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:03.161{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-51596-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221828Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:05.611{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-10041-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221827Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:04.317{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-59854-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221829Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:07.138{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-18576-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221830Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:08.432{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-26737-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221831Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:10.133{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-36510-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221832Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:12.190{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-46723-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221833Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:13.805{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-57216-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221834Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:15.003{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-7371-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221835Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:16.156{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-15970-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221836Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:17.316{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-24055-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221837Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:18.535{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-31661-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221838Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:19.691{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-40245-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221839Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:20.873{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-48978-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185767Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:43:21.701{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in36069-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221841Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:22.171{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-58247-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221840Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:22.126{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in20391-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221842Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:23.987{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-9718-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221843Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:25.231{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-19338-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185768Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:43:26.216{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk9743-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221845Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:26.337{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-27986-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221844Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:26.281{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk9620-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221846Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:27.492{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-35979-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221847Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:28.671{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-44236-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221848Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:30.165{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-54136-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221849Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:31.332{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-3519-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221850Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:32.444{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-11993-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221851Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:34.107{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-21172-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221853Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:36.511{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-39350-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221852Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:35.386{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-30967-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221854Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:37.717{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-47905-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221855Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:39.400{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-57779-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221856Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:40.579{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-8613-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221857Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:41.859{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-16977-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221858Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:43.126{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-26387-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221859Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:44.269{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-34629-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221861Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:46.648{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-51376-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221860Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:45.517{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-43011-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221862Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:48.034{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-59848-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221864Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:49.677{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk13705-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221863Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:49.536{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-9758-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185770Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:43:49.761{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in61384-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185769Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:43:49.415{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk13864-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221865Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:50.171{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in61818-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221867Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:51.919{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-27036-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221866Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:50.708{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-18558-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221868Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:53.061{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-35452-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221869Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:54.718{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-46083-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221871Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:57.066{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-3991-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221870Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:55.875{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-54747-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221872Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:58.264{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-12277-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221873Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:43:59.441{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-21360-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221874Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:01.589{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-32623-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221875Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:02.731{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-40980-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221877Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:05.160{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-57984-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221876Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:03.955{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-49272-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221878Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:06.738{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-9976-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221879Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:07.926{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-18148-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221881Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:10.333{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-35385-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221880Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:09.069{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-26649-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221882Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:11.679{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-45031-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221883Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:13.236{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-54109-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221884Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:14.537{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-3977-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221885Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:15.641{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-11808-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221886Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:16.836{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-20217-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185771Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:44:17.761{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in5757-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221888Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:18.204{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in31786-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221887Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:18.028{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-28716-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221889Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:19.390{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-38582-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221891Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:21.765{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-54792-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221890Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:20.581{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-46463-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221892Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:22.847{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-4859-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221893Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:24.752{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-15078-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221894Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:26.095{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-24974-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185772Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:44:26.994{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk6697-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221896Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:27.698{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-34794-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221895Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:27.412{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk6627-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221897Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:28.939{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-44790-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221898Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:30.030{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-53581-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221899Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:31.845{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-4347-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221900Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:33.343{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-14344-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185773Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:44:34.460{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse106.120.139.1818.139.120.106.static.bjtelecom.net55032-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221901Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:34.820{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-23391-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221902Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:36.110{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-32841-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000185792Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:44:41.900{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185791Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:44:41.900{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185790Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:44:41.900{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185789Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:44:41.884{E74F01E8-8FBD-6086-0B00-00000000BA01}5844412C:\Windows\system32\lsass.exe{E74F01E8-8FBA-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000185788Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:44:41.775{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185787Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:44:41.775{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185786Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:44:41.775{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185785Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:44:41.775{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185784Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:44:41.775{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185783Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:44:41.775{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185782Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:44:41.775{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185781Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:44:41.775{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185780Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:44:41.775{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185779Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:44:41.775{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185778Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:44:41.775{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185777Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:44:41.775{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185776Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:44:41.775{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185775Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:44:41.775{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185774Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:44:41.775{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000221903Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:37.191{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-42220-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221904Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:38.911{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-50731-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221905Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:40.179{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-59546-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221906Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:41.853{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-11033-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221907Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:43.158{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-21279-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221908Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:44.253{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-30490-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185793Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:44:43.848{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk10370-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221910Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:45.558{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-38704-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221909Microsoft-Windows-Sysmon/Operationalproject-london-hostWinRM12021-04-28 08:44:45.393{4C77B871-975F-6086-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse162.142.125.53scanner-05.ch1.censys-scanner.com45154-false10.0.1.15project-london-host.eu-west-2.compute.internal5985- 354300x8000000000000000221915Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:47.129{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk10198-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221914Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:46.798{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-47391-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221913Microsoft-Windows-Sysmon/Operationalproject-london-hostWinRM12021-04-28 08:44:46.648{4C77B871-975F-6086-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse162.142.125.53scanner-05.ch1.censys-scanner.com55126-false10.0.1.15project-london-host.eu-west-2.compute.internal5985- 354300x8000000000000000221912Microsoft-Windows-Sysmon/Operationalproject-london-hostWinRM12021-04-28 08:44:46.477{4C77B871-975F-6086-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse162.142.125.53scanner-05.ch1.censys-scanner.com50310-false10.0.1.15project-london-host.eu-west-2.compute.internal5985- 354300x8000000000000000221911Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:46.237{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in60815-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185794Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:44:45.825{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in55826-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221916Microsoft-Windows-Sysmon/Operationalproject-london-hostWinRM12021-04-28 08:44:47.819{4C77B871-975F-6086-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse162.142.125.53scanner-05.ch1.censys-scanner.com33876-false10.0.1.15project-london-host.eu-west-2.compute.internal5985- 10341000x8000000000000000221953Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221952Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221951Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221950Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221949Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221948Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221947Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221946Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221945Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221944Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221943Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221942Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221941Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221940Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221939Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221938Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221937Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221936Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221935Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221934Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221933Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221932Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221931Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221930Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221929Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221928Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221927Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221926Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221925Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221924Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221923Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221922Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221921Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221920Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221919Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221918Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:44:52.873{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000221917Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:48.226{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-57738-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221954Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:49.550{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-8602-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221955Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:50.648{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-17988-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221957Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:53.302{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-35535-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221956Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:52.019{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-26288-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221958Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:54.399{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-45185-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221959Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:44:56.279{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.80-56401-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000185797Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:45:03.400{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185796Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:45:03.400{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185795Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:45:03.400{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000185798Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:45:13.072{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk5827-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221960Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:45:14.213{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in27223-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221961Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:45:15.004{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk5071-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185799Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:45:13.780{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in5565-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000185800Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:45:42.776{E74F01E8-8FBF-6086-0D00-00000000BA01}8322980C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1600-00000000BA01}1192C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000221962Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:45:42.151{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in24410-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185801Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:45:41.759{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in5356-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185802Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:45:42.651{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk2277-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221963Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:45:46.027{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk2238-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000185803Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:46:00.761{E74F01E8-8FBD-6086-0B00-00000000BA01}5844412C:\Windows\system32\lsass.exe{E74F01E8-8FBA-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x8000000000000000185804Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:46:09.734{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in18629-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221964Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:46:10.136{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in31141-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000221965Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:46:12.767{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk12777-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185805Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:46:12.602{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk12888-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000221975Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:46:23.346{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000221974Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:46:23.346{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x09e9178b) 13241300x8000000000000000221973Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:46:23.346{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c02-0x95a35d6a) 13241300x8000000000000000221972Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:46:23.346{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0a-0xf767c56a) 13241300x8000000000000000221971Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:46:23.346{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c13-0x592c2d6a) 13241300x8000000000000000221970Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:46:23.346{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000221969Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:46:23.346{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x09e9178b) 13241300x8000000000000000221968Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:46:23.346{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c02-0x95a35d6a) 13241300x8000000000000000221967Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:46:23.346{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0a-0xf767c56a) 13241300x8000000000000000221966Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:46:23.346{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c13-0x592c2d6a) 13241300x8000000000000000185806Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:46:40.701{E74F01E8-8FC0-6086-1300-00000000BA01}364C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d73c0b-0x0206933d) 354300x8000000000000000221976Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:46:38.132{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in36943-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185807Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:46:37.710{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in5052-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185808Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:46:43.246{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk9857-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000221977Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:46:43.495{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk9717-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000222013Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222012Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222011Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222010Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222009Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222008Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222007Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222006Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222005Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222004Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222003Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222002Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222001Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222000Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221999Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221998Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221997Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221996Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221995Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221994Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221993Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221992Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221991Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221990Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221989Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221988Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221987Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221986Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221985Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221984Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221983Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221982Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221981Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221980Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221979Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000221978Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:46:53.878{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000185809Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:46:51.165{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local61424-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222014Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:46:57.125{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.155.205.159-24833-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 13241300x8000000000000000185812Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:47:04.263{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\BD98497A-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_BD98497A-0000-0000-0000-100000000000.XML 13241300x8000000000000000185811Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:47:04.263{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Config SourceDWORD (0x00000001) 13241300x8000000000000000185810Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:47:04.263{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_4FA15643-EFBD-40F1-AD20-B67AEE8B2612.XML 354300x8000000000000000222015Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:47:05.823{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.155.205.159-37191-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185814Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:47:05.712{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in10450-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185813Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:47:05.420{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.155.205.159-37213-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222016Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:47:06.119{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in10251-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185815Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:47:16.677{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk7741-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222017Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:47:20.041{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk7707-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000222020Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:47:25.348{4C77B871-9762-6086-0C00-00000000BB01}6882616C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222019Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:47:25.348{4C77B871-9762-6086-0C00-00000000BB01}6882616C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222018Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:47:25.348{4C77B871-9762-6086-0C00-00000000BB01}6882616C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000185816Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:47:33.855{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in35697-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222021Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:47:34.271{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in58478-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 13241300x8000000000000000185826Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:47:47.967{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000185825Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:47:47.967{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a083cfe) 13241300x8000000000000000185824Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:47:47.967{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c02-0xc73526f0) 13241300x8000000000000000185823Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:47:47.967{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0b-0x28f98ef0) 13241300x8000000000000000185822Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:47:47.967{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c13-0x8abdf6f0) 13241300x8000000000000000185821Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:47:47.967{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000185820Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:47:47.967{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a083cfe) 13241300x8000000000000000185819Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:47:47.967{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c02-0xc73526f0) 13241300x8000000000000000185818Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:47:47.967{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0b-0x28f98ef0) 13241300x8000000000000000185817Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:47:47.967{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c13-0x8abdf6f0) 354300x8000000000000000222022Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:47:49.189{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk5788-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185828Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:47:48.902{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk5855-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185827Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:47:48.627{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.2.147-32366-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222023Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:48:02.237{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in10186-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185829Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:48:01.830{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in14825-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222024Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:48:23.648{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk5551-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185830Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:48:26.297{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk5612-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185831Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:48:30.008{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in61612-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222025Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:48:30.419{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in17577-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000222061Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222060Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222059Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222058Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222057Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222056Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222055Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222054Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222053Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222052Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222051Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222050Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222049Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222048Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222047Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222046Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222045Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222044Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222043Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222042Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222041Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222040Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222039Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222038Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222037Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222036Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222035Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222034Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222033Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222032Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222031Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222030Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222029Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222028Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222027Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222026Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:48:54.893{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000222062Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:48:56.652{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk3195-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185832Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:48:57.956{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in33240-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185833Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:48:58.121{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local50845-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222063Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:48:58.386{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in56272-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185834Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:48:59.307{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk3207-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185835Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:49:24.723{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk12267-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222064Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:49:25.426{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk12118-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222065Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:49:26.464{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in63558-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185836Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:49:26.047{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in26439-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000185851Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:49:41.925{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185850Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:49:41.925{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185849Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:49:41.925{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185848Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:49:41.925{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185847Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:49:41.925{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185846Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:49:41.925{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185845Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:49:41.925{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185844Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:49:41.925{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185843Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:49:41.925{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185842Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:49:41.925{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185841Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:49:41.925{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185840Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:49:41.925{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185839Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:49:41.925{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185838Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:49:41.925{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185837Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:49:41.925{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185855Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:49:42.035{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185854Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:49:42.035{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185853Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:49:42.035{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185852Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:49:42.035{E74F01E8-8FBD-6086-0B00-00000000BA01}5844412C:\Windows\system32\lsass.exe{E74F01E8-8FBA-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x8000000000000000222066Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:49:54.448{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in1766-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185856Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:49:54.026{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in53679-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000185859Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:50:03.411{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185858Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:50:03.411{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185857Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:50:03.411{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000222067Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:49:59.428{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk9786-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185860Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:49:59.098{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk9840-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185861Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:50:01.454{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local64074-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222068Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:50:22.481{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in40585-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185862Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:50:22.058{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in49527-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185863Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:50:26.260{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk7079-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222069Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:50:29.626{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk7022-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185864Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:50:50.006{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in43336-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222070Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:50:50.409{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in38549-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000222106Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222105Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222104Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222103Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222102Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222101Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222100Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222099Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222098Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222097Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222096Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222095Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222094Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222093Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222092Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222091Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222090Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222089Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222088Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222087Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222086Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222085Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222084Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222083Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222082Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222081Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222080Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222079Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222078Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222077Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222076Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222075Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222074Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222073Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222072Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222071Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:50:55.901{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000185865Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:50:53.401{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk1924-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185866Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:50:53.934{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse106.120.139.1818.139.120.106.static.bjtelecom.net59862-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222107Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:50:53.808{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk1896-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185867Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:50:59.819{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local56641-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185868Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:51:18.044{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in11552-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222108Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:51:18.472{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in6735-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222119Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:51:20.268{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk10326-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 13241300x8000000000000000222118Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:51:23.354{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000222117Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:51:23.354{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x09edab6b) 13241300x8000000000000000222116Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:51:23.354{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c03-0x4873bb6a) 13241300x8000000000000000222115Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:51:23.354{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0b-0xaa38236a) 13241300x8000000000000000222114Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:51:23.354{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c14-0x0bfc8b6a) 13241300x8000000000000000222113Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:51:23.354{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000222112Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:51:23.354{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x09edab6b) 13241300x8000000000000000222111Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:51:23.354{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c03-0x4873bb6a) 13241300x8000000000000000222110Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:51:23.354{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0b-0xaa38236a) 13241300x8000000000000000222109Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:51:23.354{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c14-0x0bfc8b6a) 354300x8000000000000000185869Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:51:20.399{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse39.129.165.93-51251-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185870Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:51:22.936{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk10371-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222120Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:51:46.473{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in1842-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185871Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:51:46.069{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in33962-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222121Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:51:47.881{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk5898-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185872Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:51:47.492{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk5937-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185873Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:51:51.868{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local65206-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000185876Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:52:05.213{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\BD98497A-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_BD98497A-0000-0000-0000-100000000000.XML 13241300x8000000000000000185875Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:52:05.198{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Config SourceDWORD (0x00000001) 13241300x8000000000000000185874Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:52:05.198{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_4FA15643-EFBD-40F1-AD20-B67AEE8B2612.XML 354300x8000000000000000222122Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:52:14.518{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in35337-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185877Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:52:14.111{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in22010-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185878Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:52:16.066{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk2211-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222123Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:52:19.528{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk2159-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000222126Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:25.356{4C77B871-9762-6086-0C00-00000000BB01}6882616C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222125Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:25.356{4C77B871-9762-6086-0C00-00000000BB01}6882616C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222124Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:25.356{4C77B871-9762-6086-0C00-00000000BB01}6882616C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000185881Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:52:39.326{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk7931-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000185880Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:52:43.151{E74F01E8-8FC0-6086-1600-00000000BA01}11924444C:\Windows\system32\svchost.exe{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185879Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:52:43.151{E74F01E8-8FC0-6086-1600-00000000BA01}11924444C:\Windows\system32\svchost.exe{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000222127Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:52:39.666{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk7895-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222128Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:52:42.556{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in38399-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 13241300x8000000000000000185892Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:52:47.981{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000185891Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:52:47.981{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a0cd0de) 13241300x8000000000000000185890Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:52:47.981{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c03-0x7a0584f0) 13241300x8000000000000000185889Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:52:47.981{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0b-0xdbc9ecf0) 13241300x8000000000000000185888Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:52:47.981{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c14-0x3d8e54f0) 13241300x8000000000000000185887Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:52:47.981{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000185886Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:52:47.981{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a0cd0de) 13241300x8000000000000000185885Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:52:47.981{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c03-0x7a0584f0) 13241300x8000000000000000185884Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:52:47.981{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0b-0xdbc9ecf0) 13241300x8000000000000000185883Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:52:47.981{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c14-0x3d8e54f0) 354300x8000000000000000185882Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:52:42.134{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in41074-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185893Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:52:49.921{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local57998-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000222164Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222163Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222162Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222161Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222160Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222159Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222158Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222157Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222156Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222155Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222154Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222153Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222152Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222151Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222150Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222149Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222148Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222147Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222146Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222145Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222144Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222143Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222142Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222141Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222140Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222139Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222138Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222137Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222136Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222135Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222134Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222133Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222132Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222131Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222130Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222129Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:52:56.909{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000222165Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:53:02.350{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk12216-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185894Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:53:04.846{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk12267-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185895Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:53:10.124{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in3863-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222166Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:53:10.523{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in56353-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185896Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:53:25.111{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk1170-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222167Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:53:25.953{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk1076-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185897Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:53:28.913{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.2.147-11309-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222168Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:53:38.544{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in27225-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185898Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:53:38.130{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in56850-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185899Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:53:46.011{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk3720-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222169Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:53:46.354{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk3655-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185900Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:53:50.657{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local51845-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185901Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:54:06.128{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in59567-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222170Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:54:06.538{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in7605-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222171Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:54:07.845{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk5879-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185903Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:54:07.478{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk5932-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000185902Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:54:11.567{E74F01E8-8FC0-6086-1300-00000000BA01}364C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d73c0c-0x0ec35242) 354300x8000000000000000185904Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:54:15.418{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse190.217.34.202-49309-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222172Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:54:19.057{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse190.217.34.202-49287-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185905Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:54:27.187{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse46.148.233.203-15670-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185907Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:54:28.688{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.55.11-35478-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185906Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:54:28.186{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.146.55.11-35458-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222174Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:54:35.337{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk14030-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222173Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:54:34.567{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in63807-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185908Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:54:34.164{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in10799-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185909Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:54:34.925{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk14045-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000185928Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:54:42.192{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185927Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:54:42.192{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185926Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:54:42.192{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185925Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:54:42.192{E74F01E8-8FBD-6086-0B00-00000000BA01}5844412C:\Windows\system32\lsass.exe{E74F01E8-8FBA-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000185924Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:54:42.083{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185923Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:54:42.083{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185922Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:54:42.083{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185921Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:54:42.083{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185920Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:54:42.083{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185919Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:54:42.083{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185918Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:54:42.083{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185917Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:54:42.083{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185916Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:54:42.083{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185915Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:54:42.083{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185914Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:54:42.083{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185913Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:54:42.083{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185912Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:54:42.083{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185911Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:54:42.083{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185910Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:54:42.083{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000185929Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:54:49.545{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local63117-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000222210Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222209Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222208Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222207Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222206Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222205Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222204Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222203Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222202Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222201Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222200Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222199Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222198Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222197Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222196Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222195Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222194Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222193Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222192Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222191Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222190Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222189Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222188Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222187Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222186Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222185Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222184Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222183Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222182Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222181Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222180Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222179Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222178Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222177Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222176Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222175Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:54:57.916{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185932Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:55:03.430{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185931Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:55:03.430{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185930Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:55:03.430{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000185933Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:55:02.141{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in17512-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222211Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:55:02.560{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in4952-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222212Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:55:05.437{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk10181-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185934Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:55:05.013{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk10193-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000185935Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:55:12.664{E74F01E8-8FC0-6086-1300-00000000BA01}364C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d73c0c-0x332e1161) 354300x8000000000000000185936Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:55:30.182{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in42350-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222213Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:55:30.587{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in43561-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185937Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:55:33.368{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk4538-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222214Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:55:33.747{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk4500ipsec-msftfalse10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000185938Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:55:43.056{E74F01E8-8FBF-6086-0D00-00000000BA01}8322828C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1600-00000000BA01}1192C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000185939Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:55:47.362{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local57415-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000185940Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:56:01.621{E74F01E8-8FBD-6086-0B00-00000000BA01}5844412C:\Windows\system32\lsass.exe{E74F01E8-8FBA-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x8000000000000000222215Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:55:58.596{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in54713-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185941Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:55:58.139{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in42663-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185942Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:56:02.425{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk14647-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222216Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:56:05.859{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk14636-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 13241300x8000000000000000222226Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:56:23.371{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000222225Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:56:23.371{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x09f23f5b) 13241300x8000000000000000222224Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:56:23.371{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c03-0xfb468a6a) 13241300x8000000000000000222223Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:56:23.371{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0c-0x5d0af26a) 13241300x8000000000000000222222Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:56:23.371{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c14-0xbecf5a6a) 13241300x8000000000000000222221Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:56:23.371{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000222220Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:56:23.371{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x09f23f5b) 13241300x8000000000000000222219Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:56:23.371{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c03-0xfb468a6a) 13241300x8000000000000000222218Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:56:23.371{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0c-0x5d0af26a) 13241300x8000000000000000222217Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:56:23.371{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c14-0xbecf5a6a) 354300x8000000000000000185943Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:56:26.183{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in27180-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222227Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:56:26.616{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in3920-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185944Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:56:31.078{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk9239-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222228Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:56:34.434{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk9225-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 13241300x8000000000000000222229Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 08:56:43.747{4C77B871-9763-6086-1400-00000000BB01}1028C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d73c0c-0x6978370d) 354300x8000000000000000185945Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:56:42.957{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local50362-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000222265Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222264Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222263Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222262Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222261Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222260Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222259Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222258Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222257Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222256Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222255Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222254Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222253Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222252Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222251Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222250Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222249Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222248Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222247Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222246Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222245Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222244Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222243Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222242Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222241Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222240Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222239Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222238Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222237Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222236Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222235Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222234Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222233Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222232Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222231Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222230Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:56:58.920{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000185946Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:56:54.336{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in16641-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222266Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:56:54.751{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in56047-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185950Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:57:03.195{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk7052-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000185949Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:57:07.090{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\BD98497A-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_BD98497A-0000-0000-0000-100000000000.XML 13241300x8000000000000000185948Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:57:07.074{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Config SourceDWORD (0x00000001) 13241300x8000000000000000185947Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:57:07.074{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_4FA15643-EFBD-40F1-AD20-B67AEE8B2612.XML 354300x8000000000000000222267Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:57:03.488{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk6924-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185951Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:57:12.709{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse106.120.139.1818.139.120.106.static.bjtelecom.net64888-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000222270Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:57:25.373{4C77B871-9762-6086-0C00-00000000BB01}6882616C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222269Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:57:25.373{4C77B871-9762-6086-0C00-00000000BB01}6882616C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222268Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:57:25.373{4C77B871-9762-6086-0C00-00000000BB01}6882616C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000222271Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:57:22.753{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in28907-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185952Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:57:22.351{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in4711-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222272Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:57:33.657{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk3441-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185953Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:57:33.266{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk3457-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185954Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:57:41.101{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local60538-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000185964Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:57:47.996{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000185963Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:57:47.996{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a1164ce) 13241300x8000000000000000185962Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:57:47.996{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c04-0x2cd853f0) 13241300x8000000000000000185961Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:57:47.996{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0c-0x8e9cbbf0) 13241300x8000000000000000185960Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:57:47.996{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c14-0xf06123f0) 13241300x8000000000000000185959Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:57:47.996{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000185958Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:57:47.996{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a1164ce) 13241300x8000000000000000185957Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:57:47.996{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c04-0x2cd853f0) 13241300x8000000000000000185956Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:57:47.996{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0c-0x8e9cbbf0) 13241300x8000000000000000185955Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 08:57:47.996{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c14-0xf06123f0) 354300x8000000000000000185965Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:57:50.389{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in54517-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222273Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:57:50.837{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in1359-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222274Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:58:03.677{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk13134-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185966Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:58:06.294{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk13163-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222275Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:58:18.840{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in37712-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185967Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:58:18.431{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in22322-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222276Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:58:33.155{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk9087-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185968Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:58:35.802{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk9116-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185969Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:58:36.245{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local53479-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185970Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:58:46.451{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in23926-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222277Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:58:46.849{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in57207-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000222313Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222312Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222311Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222310Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222309Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222308Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222307Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222306Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222305Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222304Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222303Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222302Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222301Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222300Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222299Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222298Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222297Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222296Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222295Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222294Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222293Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222292Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222291Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222290Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222289Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222288Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222287Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222286Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222285Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222284Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222283Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222282Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222281Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222280Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222279Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222278Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 08:58:59.930{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000222314Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:59:00.334{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk3492-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185971Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:59:00.131{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk3713-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222315Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:59:14.929{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in35038-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185972Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:59:14.504{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in37061-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185973Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:59:17.339{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.2.147-48142-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000185974Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:59:26.898{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk11683-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222316Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:59:27.263{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk11649-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185975Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:59:31.230{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local61952-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000185994Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:59:42.328{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185993Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:59:42.328{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185992Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:59:42.328{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185991Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:59:42.328{E74F01E8-8FBD-6086-0B00-00000000BA01}5844412C:\Windows\system32\lsass.exe{E74F01E8-8FBA-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000185990Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:59:42.219{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185989Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:59:42.219{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185988Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:59:42.219{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185987Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:59:42.219{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185986Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:59:42.219{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185985Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:59:42.219{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185984Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:59:42.219{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185983Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:59:42.219{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185982Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:59:42.219{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185981Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:59:42.219{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185980Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:59:42.219{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185979Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:59:42.219{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185978Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:59:42.219{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185977Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:59:42.219{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185976Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 08:59:42.219{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000222317Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:59:42.926{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in59699-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185995Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:59:42.524{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in60927-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222318Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 08:59:56.579{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk7110-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000185996Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 08:59:56.236{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk7225-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000185999Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:00:03.438{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185998Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:00:03.438{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000185997Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:00:03.438{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000222319Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:00:11.015{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in40657-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186000Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:00:10.576{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in1778-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186001Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:00:26.047{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local54346-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222320Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:00:26.866{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk3318-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186002Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:00:26.546{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk3382-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222321Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:00:38.985{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in1746-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186003Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:00:38.554{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in55676-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000222358Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222357Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222356Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222355Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222354Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222353Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222352Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222351Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222350Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222349Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222348Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222347Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222346Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222345Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222344Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222343Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222342Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222341Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222340Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222339Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222338Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222337Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222336Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222335Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222334Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222333Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222332Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222331Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222330Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222329Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222328Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222327Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222326Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222325Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222324Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222323Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:01:00.939{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000222322Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:00:55.727{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk11790-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186004Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:00:55.418{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk11940-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186005Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:01:06.612{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in50876-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222359Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:01:07.042{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in4583-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 13241300x8000000000000000222369Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:01:23.377{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000222368Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:01:23.377{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x09f6d33b) 13241300x8000000000000000222367Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:01:23.377{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c04-0xae16e86a) 13241300x8000000000000000222366Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:01:23.377{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0d-0x0fdb506a) 13241300x8000000000000000222365Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:01:23.377{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c15-0x719fb86a) 13241300x8000000000000000222364Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:01:23.377{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000222363Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:01:23.377{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x09f6d33b) 13241300x8000000000000000222362Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:01:23.377{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c04-0xae16e86a) 13241300x8000000000000000222361Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:01:23.377{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0d-0x0fdb506a) 13241300x8000000000000000222360Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:01:23.377{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c15-0x719fb86a) 354300x8000000000000000186006Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:01:23.225{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local64075-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222370Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:01:25.946{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk8541-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186007Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:01:25.533{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk8549-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222371Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:01:35.065{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in7915-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186008Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:01:34.641{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in10950-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222374Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:01:46.715{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-54004-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222373Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:01:45.592{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-48064-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222372Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:01:45.548{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-47889-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222375Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:01:47.791{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-59768-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222376Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:01:48.879{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-6457-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222378Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:01:51.071{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-16343-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222377Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:01:49.991{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-11073-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222379Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:01:52.152{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-22191-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222380Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:01:53.228{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-27628-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222381Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:01:54.430{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-33158-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186009Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:01:55.156{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk4755-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222383Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:01:55.512{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-38502-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222382Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:01:55.461{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk4655-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222384Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:01:56.587{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-44198-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222385Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:01:57.804{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-49495-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222386Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:01:58.935{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-55208-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222387Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:00.027{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-1868-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222388Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:01.106{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-7066-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186010Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:02:01.876{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse203.202.255.193203-202-255-193.aamranetworks.com64699-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222389Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:02.387{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-13121-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 13241300x8000000000000000186014Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:07.989{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\BD98497A-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_BD98497A-0000-0000-0000-100000000000.XML 13241300x8000000000000000186013Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:07.973{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Config SourceDWORD (0x00000001) 13241300x8000000000000000186012Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:07.973{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_4FA15643-EFBD-40F1-AD20-B67AEE8B2612.XML 354300x8000000000000000186011Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:02:02.748{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in11824-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222391Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:03.464{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-18903-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222390Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:03.139{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in58891-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222392Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:04.879{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-24779-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222393Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:05.995{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-30371-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222394Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:07.075{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-36078-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222395Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:08.170{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-41700-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222396Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:09.567{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-47162-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222398Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:11.947{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-59368-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222397Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:10.847{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-53243-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222399Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:13.028{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-6004-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222400Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:14.387{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-11277-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222401Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:15.512{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-17366-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222402Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:16.607{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-23200-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222403Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:17.733{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-28879-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186015Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:02:18.638{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local56440-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222404Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:18.808{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-33698-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222405Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:19.888{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-39499-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222406Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:20.983{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-44795-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222410Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:22.077{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-50062-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000222409Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:02:25.378{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222408Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:02:25.378{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222407Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:02:25.378{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000222411Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:23.172{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-55707-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222412Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:24.453{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-2573-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222415Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:25.787{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-8552-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222414Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:25.659{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse203.202.255.193203-202-255-193.aamranetworks.com58899-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222413Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:25.574{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk14524-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186016Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:02:25.243{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk14705-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222416Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:26.871{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-14379-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222418Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:29.088{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-25117-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222417Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:27.969{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-20108-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222419Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:30.169{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-30717-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222421Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:31.264{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-36521-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222420Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:31.142{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in23629-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186017Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:02:30.726{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in45519-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222423Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:33.622{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-47875-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222422Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:32.462{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-42052-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222424Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:34.697{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-53516-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222425Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:35.827{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-59119-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222426Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:36.902{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-5172-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222428Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:39.099{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-16199-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222427Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:38.011{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-11097-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 13241300x8000000000000000186031Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:43.910{E74F01E8-8FC0-6086-1200-00000000BA01}376C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{194ab7ba-0c23-434c-9b68-dc3b107f45d2}\DhcpConnForceBroadcastFlagDWORD (0x00000000) 13241300x8000000000000000186030Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:43.910{E74F01E8-8FC0-6086-1200-00000000BA01}376C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{194ab7ba-0c23-434c-9b68-dc3b107f45d2}\IsServerNapAwareDWORD (0x00000000) 13241300x8000000000000000186029Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:43.910{E74F01E8-8FC0-6086-1200-00000000BA01}376C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{194ab7ba-0c23-434c-9b68-dc3b107f45d2}\AddressTypeDWORD (0x00000000) 13241300x8000000000000000186028Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:43.910{E74F01E8-8FC0-6086-1200-00000000BA01}376C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{194ab7ba-0c23-434c-9b68-dc3b107f45d2}\LeaseTerminatesTimeDWORD (0x608932c3) 13241300x8000000000000000186027Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:43.910{E74F01E8-8FC0-6086-1200-00000000BA01}376C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{194ab7ba-0c23-434c-9b68-dc3b107f45d2}\T2DWORD (0x60893101) 13241300x8000000000000000186026Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:43.910{E74F01E8-8FC0-6086-1200-00000000BA01}376C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{194ab7ba-0c23-434c-9b68-dc3b107f45d2}\T1DWORD (0x60892bbb) 13241300x8000000000000000186025Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:43.910{E74F01E8-8FC0-6086-1200-00000000BA01}376C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{194ab7ba-0c23-434c-9b68-dc3b107f45d2}\LeaseObtainedTimeDWORD (0x608924b3) 13241300x8000000000000000186024Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:43.910{E74F01E8-8FC0-6086-1200-00000000BA01}376C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{194ab7ba-0c23-434c-9b68-dc3b107f45d2}\LeaseDWORD (0x00000e10) 13241300x8000000000000000186023Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:43.910{E74F01E8-8FC0-6086-1200-00000000BA01}376C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{194ab7ba-0c23-434c-9b68-dc3b107f45d2}\DhcpServer10.0.1.1 13241300x8000000000000000186022Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:43.910{E74F01E8-8FC0-6086-1200-00000000BA01}376C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{194ab7ba-0c23-434c-9b68-dc3b107f45d2}\DhcpSubnetMask255.255.255.0 13241300x8000000000000000186021Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:43.910{E74F01E8-8FC0-6086-1200-00000000BA01}376C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{194ab7ba-0c23-434c-9b68-dc3b107f45d2}\DhcpIPAddress10.0.1.14 13241300x8000000000000000186020Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:43.910{E74F01E8-8FC0-6086-1200-00000000BA01}376C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{194ab7ba-0c23-434c-9b68-dc3b107f45d2}\DhcpInterfaceOptionsBinary Data 10341000x8000000000000000186019Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:02:43.160{E74F01E8-8FC0-6086-1600-00000000BA01}11923016C:\Windows\system32\svchost.exe{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186018Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:02:43.160{E74F01E8-8FC0-6086-1600-00000000BA01}11923016C:\Windows\system32\svchost.exe{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000222429Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:40.185{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-21576-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 13241300x8000000000000000186045Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:45.958{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{194AB7BA-0C23-434C-9B68-DC3B107F45D2}\RegisteredSinceBootDWORD (0x00000001) 13241300x8000000000000000186044Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:45.958{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{194AB7BA-0C23-434C-9B68-DC3B107F45D2}\StaleAdapterDWORD (0x00000000) 13241300x8000000000000000186043Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:45.958{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{194AB7BA-0C23-434C-9B68-DC3B107F45D2}\CompartmentIdDWORD (0x00000001) 13241300x8000000000000000186042Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:45.958{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{194AB7BA-0C23-434C-9B68-DC3B107F45D2}\FlagsDWORD (0x00000002) 13241300x8000000000000000186041Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:45.958{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{194AB7BA-0C23-434C-9B68-DC3B107F45D2}\TtlDWORD (0x000004b0) 13241300x8000000000000000186040Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:45.958{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{194AB7BA-0C23-434C-9B68-DC3B107F45D2}\SentPriUpdateToIpBinary Data 13241300x8000000000000000186039Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:45.958{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{194AB7BA-0C23-434C-9B68-DC3B107F45D2}\SentUpdateToIpBinary Data 13241300x8000000000000000186038Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:45.958{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{194AB7BA-0C23-434C-9B68-DC3B107F45D2}\DnsServersBinary Data 13241300x8000000000000000186037Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:45.958{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{194AB7BA-0C23-434C-9B68-DC3B107F45D2}\HostAddrsBinary Data 13241300x8000000000000000186036Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:45.958{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{194AB7BA-0C23-434C-9B68-DC3B107F45D2}\PrimaryDomainNameiris.local 13241300x8000000000000000186035Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:45.958{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{194AB7BA-0C23-434C-9B68-DC3B107F45D2}\AdapterDomainName(Empty) 13241300x8000000000000000186034Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:45.958{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{194AB7BA-0C23-434C-9B68-DC3B107F45D2}\Hostnameproject-london-dc 10341000x8000000000000000186033Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:02:45.942{E74F01E8-8FBD-6086-0B00-00000000BA01}5844704C:\Windows\system32\lsass.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+304a5|C:\Windows\system32\lsasrv.dll+2e33b|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 13241300x8000000000000000186032Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:45.942{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{194AB7BA-0C23-434C-9B68-DC3B107F45D2}\RegisteredSinceBootDWORD (0x00000001) 354300x8000000000000000222430Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:41.263{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-26960-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222432Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:43.912{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-38345-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222431Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:42.721{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-32994-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 13241300x8000000000000000186055Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:48.004{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000186054Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:48.004{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a15f8ae) 13241300x8000000000000000186053Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:48.004{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c04-0xdfa8b1f0) 13241300x8000000000000000186052Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:48.004{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0d-0x416d19f0) 13241300x8000000000000000186051Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:48.004{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c15-0xa33181f0) 13241300x8000000000000000186050Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:48.004{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000186049Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:48.004{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a15f8ae) 13241300x8000000000000000186048Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:48.004{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c04-0xdfa8b1f0) 13241300x8000000000000000186047Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:48.004{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0d-0x416d19f0) 13241300x8000000000000000186046Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:02:48.004{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c15-0xa33181f0) 354300x8000000000000000222433Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:44.995{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-44302-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222434Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:46.073{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-50176-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222435Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:47.151{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-55185-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222436Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:48.544{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-2569-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222437Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:49.621{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-8287-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186056Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:02:50.966{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk7692-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222438Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:50.699{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-13749-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222440Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:51.775{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-18404-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222439Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:51.094{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk7374-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222441Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:52.858{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-24022-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222443Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:55.183{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-35088-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222442Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:54.099{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-29605-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222444Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:56.277{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-40559-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000222481Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222480Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222479Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222478Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222477Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222476Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222475Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222474Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222473Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222472Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222471Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222470Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222469Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222468Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222467Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222466Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222465Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222464Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222463Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222462Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222461Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222460Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222459Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222458Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222457Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222456Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222455Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222454Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222453Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222452Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222451Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222450Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222449Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222448Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222447Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222446Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:03:01.942{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000222445Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:57.380{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-46057-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222482Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:58.466{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-50843-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222484Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:59.543{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-56345-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222483Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:02:59.182{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in11997-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186057Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:02:58.754{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in33589-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222485Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:00.653{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-2850-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222486Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:01.746{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-7829-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222487Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:02.822{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-13309-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222488Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:04.003{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-18351-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222490Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:06.169{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-29176-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222489Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:05.091{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-23570-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222491Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:07.451{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-34659-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222493Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:09.638{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-45844-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222492Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:08.558{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-40316-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222494Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:10.734{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-51462-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222495Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:12.007{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-56788-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222496Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:13.185{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-3409-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222497Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:14.279{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-9475-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222498Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:15.373{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-15228-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186058Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:03:14.224{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local64426-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222500Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:17.932{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-26768-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222499Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:16.753{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-20668-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222501Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:19.232{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-33542-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222503Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:20.326{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-39296-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222502Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:20.114{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk1870-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186060Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:03:20.059{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk2116-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186059Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:03:19.603{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse39.129.165.93-56652-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222504Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:21.601{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-44636-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222505Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:22.748{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-50569-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222506Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:23.822{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-56303-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222507Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:24.903{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-2677-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222508Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:25.996{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-7586-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222510Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:27.297{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in2014-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222509Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:27.076{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-13073-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186061Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:03:26.883{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in39956-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222512Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:29.243{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-23675-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222511Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:28.167{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-18565-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222513Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:30.325{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-29253-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222514Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:31.695{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-35150-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222515Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:32.796{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-40029-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222516Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:33.889{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-45703-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222517Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:34.983{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-51588-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186062Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:03:34.747{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse106.120.139.1818.139.120.106.static.bjtelecom.net53861-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222518Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:36.075{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-56841-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222519Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:37.371{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-3371-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222520Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:38.452{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-9056-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222521Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:39.541{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-14458-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222522Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:40.624{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-19619-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222523Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:41.701{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-24855-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222524Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:42.781{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-30479-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222525Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:43.875{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-35857-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222526Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:44.953{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-41193-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222527Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:46.344{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-47575-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222528Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:47.434{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-53228-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222531Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:50.670{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-10326-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222530Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:49.591{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-4515-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222529Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:48.513{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-58220-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186063Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:03:51.945{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk12797-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222532Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:51.749{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-15196-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222533Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:52.842{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-20751-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222534Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:53.919{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-26411-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222537Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:55.386{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk12783-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222536Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:55.352{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in2642-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222535Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:55.126{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-31766-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186064Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:03:54.951{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in47321-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222538Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:56.217{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-37144-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222540Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:58.374{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-48507-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222539Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:57.298{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-42898-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222541Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:03:59.638{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-53850-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222542Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:00.716{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-59239-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222543Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:01.796{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-6139-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222544Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:02.889{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-11662-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222545Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:03.966{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-16610-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222546Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:05.045{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-22458-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222547Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:06.123{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-27718-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222548Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:07.216{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-32869-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186065Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:04:07.508{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local55473-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222549Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:08.312{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-38607-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222551Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:10.625{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-49449-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222550Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:09.537{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-44206-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222553Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:12.814{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-2048-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222552Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:11.719{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-55292-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222555Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:14.980{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-12593-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222554Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:13.901{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-7132-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222556Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:16.060{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-17479-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222557Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:17.138{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-22935-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222558Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:18.217{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-28606-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222559Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:19.340{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-34013-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000222564Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:04:24.787{4C77B871-9761-6086-0500-00000000BB01}372488C:\Windows\system32\csrss.exe{4C77B871-2518-6089-3852-00000000BB01}3428C:\Windows\system32\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000222563Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:04:24.787{4C77B871-9763-6086-1500-00000000BB01}10524512C:\Windows\system32\svchost.exe{4C77B871-2518-6089-3852-00000000BB01}3428C:\Windows\system32\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\UBPM.dll+a7a1|c:\windows\system32\UBPM.dll+fa34|c:\windows\system32\UBPM.dll+cdcc|c:\windows\system32\UBPM.dll+d395|c:\windows\system32\UBPM.dll+dc95|c:\windows\system32\UBPM.dll+e9dd|c:\windows\system32\UBPM.dll+e1ba|c:\windows\system32\UBPM.dll+de12|c:\windows\system32\EventAggregation.dll+3e22|c:\windows\system32\EventAggregation.dll+36c9|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b55|C:\Windows\SYSTEM32\ntdll.dll+6585d|C:\Windows\SYSTEM32\ntdll.dll+656c0|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222562Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:04:24.787{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1500-00000000BB01}1052C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222561Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:04:24.787{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1500-00000000BB01}1052C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000222560Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:20.421{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-38893-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222565Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:21.516{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-44815-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222566Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:22.695{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-50322-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186066Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:04:22.958{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in52031-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222568Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:23.781{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-55716-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222567Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:23.372{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in9178-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222569Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:24.872{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-2317-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186067Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:04:26.308{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk10275-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222572Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:27.156{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-13419-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222571Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:26.637{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk10227-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222570Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:26.023{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-7773-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222573Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:28.502{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-19634-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222574Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:29.596{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-25436-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222575Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:30.687{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-30302-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222576Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:31.862{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-35893-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222577Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:32.968{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-41779-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222578Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:34.047{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-47375-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222579Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:35.291{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-52871-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222580Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:36.373{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-58366-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222581Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:37.466{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-5162-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000186086Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:04:42.461{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186085Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:04:42.461{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186084Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:04:42.461{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186083Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:04:42.461{E74F01E8-8FBD-6086-0B00-00000000BA01}5844412C:\Windows\system32\lsass.exe{E74F01E8-8FBA-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000186082Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:04:42.352{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186081Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:04:42.352{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186080Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:04:42.352{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186079Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:04:42.352{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186078Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:04:42.352{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186077Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:04:42.352{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186076Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:04:42.352{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186075Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:04:42.352{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186074Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:04:42.352{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186073Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:04:42.352{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186072Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:04:42.352{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186071Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:04:42.352{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186070Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:04:42.352{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186069Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:04:42.352{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186068Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:04:42.352{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000222583Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:39.707{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-15683-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222582Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:38.613{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-10532-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222584Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:40.802{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-21665-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222585Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:41.880{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-27028-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222586Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:43.185{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-32603-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222587Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:44.271{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-37967-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222588Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:45.363{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-44013-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222589Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:46.440{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-49365-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222591Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:47.625{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-54427-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222590Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:47.290{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk1269-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186087Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:04:46.979{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk1335-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222592Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:48.743{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-1153-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222593Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:49.833{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-7136-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222594Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:50.914{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-12276-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186088Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:04:51.033{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in30447-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222596Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:52.004{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-17693-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222595Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:51.438{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in35185-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222597Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:53.083{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-23184-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222598Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:54.158{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-28550-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222600Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:56.474{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-39673-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222599Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:55.373{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-33786-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222601Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:57.596{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-45390-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222638Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:58.674{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-49938-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000222637Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222636Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222635Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222634Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222633Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222632Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222631Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222630Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222629Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222628Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222627Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222626Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222625Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222624Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222623Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222622Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222621Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222620Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222619Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222618Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222617Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222616Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222615Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222614Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222613Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222612Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222611Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222610Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222609Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222608Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222607Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222606Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222605Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222604Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222603Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222602Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:05:02.950{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186091Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:05:03.448{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186090Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:05:03.448{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186089Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:05:03.448{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000222639Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:04:59.940{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-56233-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186092Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:05:01.307{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local61738-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222640Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:01.019{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-2782-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222642Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:03.488{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-14426-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222641Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:02.364{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-8491-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222643Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:04.568{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-20329-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222644Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:05.645{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-25607-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222645Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:06.739{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-31077-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222647Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:08.928{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-42117-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222646Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:07.832{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-36641-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222648Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:10.021{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-47260-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222649Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:11.098{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-52811-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222650Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:12.471{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-58807-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222651Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:13.684{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-5159-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186093Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:05:13.231{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.2.147-24918-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000222663Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:05:19.107{4C77B871-9762-6086-1200-00000000BB01}960C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{93ca6a7e-37ba-452e-ad36-8505ea5aa8d1}\DhcpConnForceBroadcastFlagDWORD (0x00000000) 13241300x8000000000000000222662Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:05:19.107{4C77B871-9762-6086-1200-00000000BB01}960C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{93ca6a7e-37ba-452e-ad36-8505ea5aa8d1}\IsServerNapAwareDWORD (0x00000000) 13241300x8000000000000000222661Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:05:19.107{4C77B871-9762-6086-1200-00000000BB01}960C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{93ca6a7e-37ba-452e-ad36-8505ea5aa8d1}\AddressTypeDWORD (0x00000000) 13241300x8000000000000000222660Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:05:19.107{4C77B871-9762-6086-1200-00000000BB01}960C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{93ca6a7e-37ba-452e-ad36-8505ea5aa8d1}\LeaseTerminatesTimeDWORD (0x6089335f) 13241300x8000000000000000222659Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:05:19.107{4C77B871-9762-6086-1200-00000000BB01}960C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{93ca6a7e-37ba-452e-ad36-8505ea5aa8d1}\T2DWORD (0x6089319d) 13241300x8000000000000000222658Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:05:19.107{4C77B871-9762-6086-1200-00000000BB01}960C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{93ca6a7e-37ba-452e-ad36-8505ea5aa8d1}\T1DWORD (0x60892c57) 13241300x8000000000000000222657Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:05:19.107{4C77B871-9762-6086-1200-00000000BB01}960C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{93ca6a7e-37ba-452e-ad36-8505ea5aa8d1}\LeaseObtainedTimeDWORD (0x6089254f) 13241300x8000000000000000222656Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:05:19.107{4C77B871-9762-6086-1200-00000000BB01}960C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{93ca6a7e-37ba-452e-ad36-8505ea5aa8d1}\LeaseDWORD (0x00000e10) 13241300x8000000000000000222655Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:05:19.107{4C77B871-9762-6086-1200-00000000BB01}960C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{93ca6a7e-37ba-452e-ad36-8505ea5aa8d1}\DhcpServer10.0.1.1 13241300x8000000000000000222654Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:05:19.107{4C77B871-9762-6086-1200-00000000BB01}960C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{93ca6a7e-37ba-452e-ad36-8505ea5aa8d1}\DhcpSubnetMask255.255.255.0 13241300x8000000000000000222653Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:05:19.107{4C77B871-9762-6086-1200-00000000BB01}960C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{93ca6a7e-37ba-452e-ad36-8505ea5aa8d1}\DhcpIPAddress10.0.1.15 13241300x8000000000000000222652Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:05:19.107{4C77B871-9762-6086-1200-00000000BB01}960C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{93ca6a7e-37ba-452e-ad36-8505ea5aa8d1}\DhcpInterfaceOptionsBinary Data 354300x8000000000000000186094Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:05:15.421{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk10664-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222666Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:16.069{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-17911-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222665Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:15.827{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk10645-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222664Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:14.786{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-11415-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222667Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:17.159{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-23791-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222668Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:18.241{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-28564-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186095Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:05:19.050{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in45788-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222670Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:19.523{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-34878-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222669Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:19.483{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in36297-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222671Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:20.617{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-40787-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222672Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:21.728{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-46112-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222673Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:22.820{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-51244-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222674Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:23.912{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-56997-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222675Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:24.991{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-3464-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222676Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:26.082{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-8540-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222677Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:27.293{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-13620-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222679Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:29.475{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-25425-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222678Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:28.383{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-20073-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222680Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:30.772{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-31023-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222681Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:31.866{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-36726-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222682Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:32.942{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-42539-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222683Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:34.024{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-47800-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222684Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:35.117{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-52998-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222685Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:36.206{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-58863-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222686Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:37.406{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-5084-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222687Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:38.506{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-10938-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000186096Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:05:43.339{E74F01E8-8FBF-6086-0D00-00000000BA01}8321216C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1600-00000000BA01}1192C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000222688Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:39.583{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-16584-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222689Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:40.676{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-22236-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222690Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:41.756{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-26979-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222691Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:43.023{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-33347-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222693Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:44.696{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk6354-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222692Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:44.100{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-39351-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222694Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:45.404{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-44732-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222695Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:46.492{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-49987-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186098Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:05:47.348{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk6384-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186097Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:05:47.117{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in19406-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222697Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:47.572{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-55902-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222696Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:47.550{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in9125-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222698Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:48.652{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-2439-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222699Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:49.744{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-7332-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222700Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:50.837{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-13119-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186099Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:05:50.658{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local50659-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222702Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:53.006{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-23288-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222701Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:51.929{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-18259-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222703Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:54.085{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-28881-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222704Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:55.192{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-34252-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222705Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:56.274{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-39034-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222706Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:57.353{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-44835-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222707Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:58.430{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-50477-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000186100Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:06:02.481{E74F01E8-8FBD-6086-0B00-00000000BA01}5844816C:\Windows\system32\lsass.exe{E74F01E8-8FBA-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x8000000000000000222708Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:05:59.509{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-55369-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222709Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:06:00.746{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-1776-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222710Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:06:01.834{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-8330-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222711Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:06:02.915{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-13696-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222712Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:06:04.030{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-19151-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222713Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:06:05.120{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-24367-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222714Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:06:06.216{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-30102-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222715Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:06:07.321{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-35478-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186101Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:06:07.250{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk11996-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222717Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:06:08.396{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.61.54.80-40896-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222716Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:06:07.494{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk11837-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222718Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:06:15.558{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in55728-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186102Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:06:15.152{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in53918-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000222728Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:06:23.392{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000222727Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:06:23.392{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x09fb672a) 13241300x8000000000000000222726Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:06:23.392{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c05-0x60e9905a) 13241300x8000000000000000222725Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:06:23.392{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0d-0xc2adf85a) 13241300x8000000000000000222724Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:06:23.392{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c16-0x2472605a) 13241300x8000000000000000222723Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:06:23.392{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000222722Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:06:23.392{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x09fb672a) 13241300x8000000000000000222721Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:06:23.392{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c05-0x60e9905a) 13241300x8000000000000000222720Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:06:23.392{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0d-0xc2adf85a) 13241300x8000000000000000222719Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:06:23.392{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c16-0x2472605a) 354300x8000000000000000186103Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:06:20.162{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse212.83.175.232212-83-175-232.rev.poneytelecom.eu26321-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222729Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:06:20.591{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse212.83.175.232212-83-175-232.rev.poneytelecom.eu26307-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222730Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:06:37.498{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk8241-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186104Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:06:37.202{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk8329-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186105Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:06:39.755{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local55694-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222731Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:06:43.634{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in38135-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186106Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:06:43.232{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in64970-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000222767Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222766Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222765Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222764Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222763Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222762Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222761Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222760Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222759Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222758Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222757Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222756Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222755Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222754Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222753Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222752Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222751Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222750Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222749Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222748Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222747Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222746Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222745Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222744Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222743Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222742Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222741Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222740Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222739Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222738Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222737Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222736Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222735Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222734Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222733Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222732Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:03.955{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186107Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:06:59.629{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk12753-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222768Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:06:59.800{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk12461-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 13241300x8000000000000000186110Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:07:08.889{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\BD98497A-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_BD98497A-0000-0000-0000-100000000000.XML 13241300x8000000000000000186109Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:07:08.889{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Config SourceDWORD (0x00000001) 13241300x8000000000000000186108Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:07:08.889{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_4FA15643-EFBD-40F1-AD20-B67AEE8B2612.XML 354300x8000000000000000222769Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:07:11.718{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in8019-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186111Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:07:11.272{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in5039-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000222772Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:25.393{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222771Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:25.393{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222770Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:07:25.393{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000222773Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:07:27.483{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk7785-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186113Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:07:27.081{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk7798-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186112Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:07:26.685{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local58546-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222774Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:07:39.762{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in36198-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186114Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:07:39.326{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in9251-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000186124Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:07:48.013{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000186123Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:07:48.013{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a1a8c8e) 13241300x8000000000000000186122Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:07:48.013{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c05-0x92790ff0) 13241300x8000000000000000186121Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:07:48.013{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0d-0xf43d77f0) 13241300x8000000000000000186120Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:07:48.013{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c16-0x5601dff0) 13241300x8000000000000000186119Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:07:48.013{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000186118Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:07:48.013{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a1a8c8e) 13241300x8000000000000000186117Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:07:48.013{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c05-0x92790ff0) 13241300x8000000000000000186116Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:07:48.013{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0d-0xf43d77f0) 13241300x8000000000000000186115Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:07:48.013{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c16-0x5601dff0) 354300x8000000000000000186125Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:07:49.303{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk12350-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222775Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:07:49.671{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk12224-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222776Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:08:07.816{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in5979-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186126Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:08:07.400{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in55289-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186127Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:08:13.648{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local61852-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222777Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:08:15.874{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk6240-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186128Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:08:15.445{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk6248-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222778Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:08:35.907{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in14508-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186129Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:08:35.503{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in51284-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222779Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:08:39.058{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk12123-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186130Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:08:38.813{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk12334-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000222815Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222814Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222813Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222812Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222811Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222810Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222809Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222808Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222807Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222806Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222805Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222804Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222803Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222802Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222801Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222800Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222799Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222798Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222797Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222796Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222795Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222794Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222793Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222792Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222791Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222790Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222789Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222788Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222787Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222786Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222785Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222784Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222783Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222782Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222781Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222780Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:09:04.959{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186131Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:09:00.037{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local63019-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222816Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:09:03.967{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in51235-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186132Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:09:03.534{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in21445-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222817Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:09:05.852{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk5461-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186133Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:09:05.488{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk5469-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222818Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:09:32.055{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in54750-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186134Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:09:31.641{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in5378-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186135Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:09:33.147{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk14466-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222819Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:09:33.077{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk13984-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000186154Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:09:42.597{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186153Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:09:42.597{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186152Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:09:42.597{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186151Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:09:42.597{E74F01E8-8FBD-6086-0B00-00000000BA01}5844704C:\Windows\system32\lsass.exe{E74F01E8-8FBA-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000186150Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:09:42.487{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186149Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:09:42.487{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186148Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:09:42.487{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186147Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:09:42.487{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186146Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:09:42.487{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186145Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:09:42.487{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186144Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:09:42.487{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186143Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:09:42.487{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186142Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:09:42.487{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186141Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:09:42.487{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186140Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:09:42.487{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186139Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:09:42.487{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186138Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:09:42.487{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186137Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:09:42.487{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186136Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:09:42.487{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186155Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:09:45.572{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local64121-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186156Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:09:53.212{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse106.120.139.1818.139.120.106.static.bjtelecom.net59379-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000186159Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:10:03.454{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186158Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:10:03.454{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186157Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:10:03.454{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186160Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:09:59.812{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in57752-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222820Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:10:00.233{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in46033-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186161Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:10:01.531{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk9886-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222821Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:10:01.930{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk9840-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186163Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:10:27.817{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in55419-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186162Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:10:27.609{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk3182-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222823Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:10:28.245{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in45508-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222822Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:10:27.969{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk3111-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186164Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:10:31.279{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local65053-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186165Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:10:55.824{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in8882-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186166Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:10:56.071{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk12263-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222825Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:10:56.482{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk12252-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222824Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:10:56.239{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in55238-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000222861Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222860Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222859Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222858Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222857Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222856Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222855Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222854Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222853Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222852Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222851Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222850Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222849Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222848Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222847Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222846Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222845Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222844Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222843Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222842Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222841Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222840Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222839Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222838Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222837Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222836Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222835Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222834Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222833Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222832Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222831Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222830Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222829Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222828Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222827Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222826Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:11:05.961{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000186167Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:11:15.584{E74F01E8-8FC0-6086-1300-00000000BA01}364C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d73c0e-0x711ff496) 354300x8000000000000000186168Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:11:14.564{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.2.147-1131-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000222871Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:11:23.399{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000222870Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:11:23.399{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x09fffb0a) 13241300x8000000000000000222869Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:11:23.399{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c06-0x13b9ee5a) 13241300x8000000000000000222868Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:11:23.399{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0e-0x757e565a) 13241300x8000000000000000222867Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:11:23.399{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c16-0xd742be5a) 13241300x8000000000000000222866Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:11:23.399{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000222865Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:11:23.399{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x09fffb0a) 13241300x8000000000000000222864Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:11:23.399{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c06-0x13b9ee5a) 13241300x8000000000000000222863Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:11:23.399{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0e-0x757e565a) 13241300x8000000000000000222862Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:11:23.399{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c16-0xd742be5a) 354300x8000000000000000186169Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:11:18.963{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local51269-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222872Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:11:24.322{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in36968-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186170Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:11:23.898{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in41709-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186171Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:11:26.038{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk9029-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222873Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:11:26.416{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk8964-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 13241300x8000000000000000222874Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:11:43.758{4C77B871-9763-6086-1400-00000000BB01}1028C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d73c0e-0x81eafaf1) 354300x8000000000000000222875Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:11:51.376{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk1654-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186172Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:11:51.076{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk1755ms-streamingfalse10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222876Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:11:52.409{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in43067-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186173Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:11:51.957{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in44259-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000222877Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:12:05.792{4C77B871-9763-6086-1400-00000000BB01}1028C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d73c0e-0x8f0d0c11) 354300x8000000000000000186174Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:12:03.628{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local52838-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000186177Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:12:09.838{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\BD98497A-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_BD98497A-0000-0000-0000-100000000000.XML 13241300x8000000000000000186176Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:12:09.822{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Config SourceDWORD (0x00000001) 13241300x8000000000000000186175Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:12:09.822{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_4FA15643-EFBD-40F1-AD20-B67AEE8B2612.XML 13241300x8000000000000000186178Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:12:16.697{E74F01E8-8FC0-6086-1300-00000000BA01}364C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d73c0e-0x958d0a39) 354300x8000000000000000186179Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:12:17.312{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk9779-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222879Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:12:20.720{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk9661-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222878Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:12:20.468{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in29189-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186180Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:12:20.043{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in12400-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000222882Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:12:25.401{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222881Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:12:25.401{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222880Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:12:25.401{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186182Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:12:43.165{E74F01E8-8FC0-6086-1600-00000000BA01}11923892C:\Windows\system32\svchost.exe{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186181Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:12:43.165{E74F01E8-8FC0-6086-1600-00000000BA01}11923892C:\Windows\system32\svchost.exe{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000186192Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:12:48.025{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000186191Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:12:48.025{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a1f207d) 13241300x8000000000000000186190Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:12:48.025{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c06-0x454bb7e0) 13241300x8000000000000000186189Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:12:48.025{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0e-0xa7101fe0) 13241300x8000000000000000186188Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:12:48.025{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c17-0x08d487e0) 13241300x8000000000000000186187Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:12:48.025{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000186186Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:12:48.025{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a1f207d) 13241300x8000000000000000186185Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:12:48.025{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c06-0x454bb7e0) 13241300x8000000000000000186184Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:12:48.025{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0e-0xa7101fe0) 13241300x8000000000000000186183Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:12:48.025{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c17-0x08d487e0) 354300x8000000000000000222883Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:12:46.894{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk5037-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186193Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:12:48.110{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in16564-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222884Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:12:48.545{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in50116-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186195Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:12:49.464{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk5078-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186194Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:12:48.804{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local54226-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000222920Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222919Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222918Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222917Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222916Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222915Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222914Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222913Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222912Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222911Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222910Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222909Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222908Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222907Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222906Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222905Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222904Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222903Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222902Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222901Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222900Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222899Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222898Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222897Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222896Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222895Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222894Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222893Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222892Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222891Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222890Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222889Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222888Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222887Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222886Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222885Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:13:06.965{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186196Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:13:12.667{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk11768-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222921Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:13:12.951{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk11635-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222922Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:13:16.697{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in29828-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186197Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:13:16.271{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in63168-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222923Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:13:33.504{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk14647-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186198Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:13:33.141{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk14746-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186199Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:13:34.751{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local55399-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186200Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:13:44.339{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in49434-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222924Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:13:44.753{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in20607-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186201Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:13:52.552{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk2830-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222925Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:13:52.944{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk2810-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222926Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:14:12.873{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in38244-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186202Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:14:12.457{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in5173-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222927Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:14:15.781{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk5937-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186203Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:14:15.426{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk6003-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186204Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:14:19.304{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local55949-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000186223Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:14:42.732{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186222Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:14:42.732{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186221Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:14:42.732{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186220Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:14:42.732{E74F01E8-8FBD-6086-0B00-00000000BA01}5844412C:\Windows\system32\lsass.exe{E74F01E8-8FBA-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000186219Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:14:42.623{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186218Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:14:42.623{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186217Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:14:42.623{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186216Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:14:42.623{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186215Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:14:42.623{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186214Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:14:42.623{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186213Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:14:42.623{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186212Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:14:42.623{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186211Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:14:42.623{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186210Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:14:42.623{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186209Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:14:42.623{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186208Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:14:42.623{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186207Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:14:42.623{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186206Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:14:42.623{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186205Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:14:42.623{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186224Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:14:40.524{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in63634-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222928Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:14:40.954{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in58617-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000222929Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:14:42.884{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk10633-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186225Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:14:46.040{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk11066-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000186228Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:15:03.466{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186227Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:15:03.466{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186226Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:15:03.466{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000222930Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:15:01.506{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk14836-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186229Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:01.117{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk14872-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000222966Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222965Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222964Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222963Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222962Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222961Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222960Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222959Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222958Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222957Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222956Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222955Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222954Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222953Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222952Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222951Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222950Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222949Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222948Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222947Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222946Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222945Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222944Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222943Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222942Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222941Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222940Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222939Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222938Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222937Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222936Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222935Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222934Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222933Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222932Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222931Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:15:07.974{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186230Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:03.369{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local56525-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222967Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:15:08.989{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in51037-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186231Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:08.556{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in34958-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186233Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:12.794{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-31170-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186232Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:12.693{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-30283-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186234Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:13.475{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse39.129.165.93-59609-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186235Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:14.607{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-44808-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186237Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:17.989{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-11870-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186236Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:16.368{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-57635-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186238Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:19.714{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-24761-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186239Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:22.036{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-40069-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186240Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:23.785{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-53615-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186241Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:26.067{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-8814-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222968Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:15:27.054{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk6705-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186242Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:26.701{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk6776-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186243Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:27.814{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-23820-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186244Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:29.662{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-37240-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186245Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:31.525{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-51803-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186246Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:33.598{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-7525-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186247Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:35.456{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-20140-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186248Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:36.576{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in6983-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222969Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:15:36.999{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in12042-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186249Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:37.259{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-34126-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000186251Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:15:43.611{E74F01E8-8FBF-6086-0D00-00000000BA01}8323732C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1600-00000000BA01}1192C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186250Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:39.093{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-48127-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186252Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:41.029{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-3540pnrp-portfalse10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186253Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:43.438{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-17929-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186254Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:45.417{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-32619-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186255Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:47.513{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-47444-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186256Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:48.246{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local57460-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186257Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:49.597{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-2468-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222970Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:15:52.590{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk13779-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186260Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:52.844{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-29361-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186259Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:52.283{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk13876-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186258Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:51.395{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-16325-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186261Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:54.798{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-42755-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186262Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:56.396{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-56508-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186263Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:15:58.219{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-9783-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186265Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:00.031{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-22722-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000186264Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:16:03.345{E74F01E8-8FBD-6086-0B00-00000000BA01}5841960C:\Windows\system32\lsass.exe{E74F01E8-8FBA-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x8000000000000000186266Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:01.881{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-36411-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186268Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:04.620{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in25065-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186267Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:03.563{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-49376-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186269Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:05.760{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-5596-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222971Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:16:05.063{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in30387-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186270Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:07.759{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-20926-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186272Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:09.965{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-35846-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186271Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:09.191{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse106.120.139.1818.139.120.106.static.bjtelecom.net64827-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186273Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:11.474{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-48254-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186274Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:13.547{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-2794-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186275Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:15.624{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-16867-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186276Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:17.655{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-31425-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000222981Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:16:23.404{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000222980Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:16:23.404{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a048eea) 13241300x8000000000000000222979Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:16:23.404{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c06-0xc68a4c5a) 13241300x8000000000000000222978Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:16:23.404{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0f-0x284eb45a) 13241300x8000000000000000222977Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:16:23.404{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c17-0x8a131c5a) 13241300x8000000000000000222976Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:16:23.404{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000222975Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:16:23.404{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a048eea) 13241300x8000000000000000222974Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:16:23.404{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c06-0xc68a4c5a) 13241300x8000000000000000222973Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:16:23.404{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0f-0x284eb45a) 13241300x8000000000000000222972Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:16:23.404{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c17-0x8a131c5a) 354300x8000000000000000186278Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:20.488{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk9249-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186277Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:19.527{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-44539-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186279Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:22.029{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-59865-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186280Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:23.646{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-14667-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186281Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:25.503{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-28863-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222982Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:16:26.930{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk9207-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186282Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:27.639{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-44305-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186283Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:29.526{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-59355-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222983Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:16:33.170{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in40993-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186286Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:32.728{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in46573-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186285Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:32.270{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local58190-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186284Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:31.359{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-13582-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186288Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:33.293{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-27215-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186287Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localWinRM12021-04-28 09:16:32.852{E74F01E8-8FBA-6086-0100-00000000BA01}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse162.142.125.56scanner-05.ch1.censys-scanner.com42274-false10.0.1.14project-london-dc.iris.local5985- 354300x8000000000000000186290Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localWinRM12021-04-28 09:16:34.104{E74F01E8-8FBA-6086-0100-00000000BA01}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse162.142.125.56scanner-05.ch1.censys-scanner.com51890-false10.0.1.14project-london-dc.iris.local5985- 354300x8000000000000000186289Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localWinRM12021-04-28 09:16:33.937{E74F01E8-8FBA-6086-0100-00000000BA01}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse162.142.125.56scanner-05.ch1.censys-scanner.com47310-false10.0.1.14project-london-dc.iris.local5985- 354300x8000000000000000186292Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localWinRM12021-04-28 09:16:35.274{E74F01E8-8FBA-6086-0100-00000000BA01}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse162.142.125.56scanner-05.ch1.censys-scanner.com59170-false10.0.1.14project-london-dc.iris.local5985- 354300x8000000000000000186291Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:35.178{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-41542-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186293Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:37.116{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-55582-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186294Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:39.090{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-12764-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186295Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:41.045{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-27833-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186296Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:42.864{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-41516-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186297Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:44.951{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-56285-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186298Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:45.701{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk1925-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186299Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:46.744{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-10785-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222984Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:16:46.068{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk1866-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186300Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:48.301{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.165.16.34-49219-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186303Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:50.234{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-38053-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186302Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:48.595{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-24469-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186301Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:48.374{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse194.165.16.34-49286-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186304Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:52.102{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-51154-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186305Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:54.038{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-6491-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186306Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:56.202{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-22288-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186307Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:16:58.052{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-35841-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000222985Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:17:01.278{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in21045-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186309Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:00.837{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in59957-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186308Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:00.022{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-51256-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186310Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:01.448{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-4652-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186311Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:03.016{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-16679-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000223021Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223020Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223019Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223018Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223017Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223016Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223015Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223014Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223013Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223012Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223011Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223010Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223009Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223008Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223007Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223006Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223005Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223004Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223003Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223002Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223001Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223000Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222999Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222998Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222997Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222996Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222995Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222994Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222993Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222992Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222991Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222990Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222989Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222988Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222987Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000222986Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:08.984{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186312Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:04.756{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-29521-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000186316Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:17:10.782{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\BD98497A-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_BD98497A-0000-0000-0000-100000000000.XML 13241300x8000000000000000186315Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:17:10.767{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Config SourceDWORD (0x00000001) 13241300x8000000000000000186314Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:17:10.767{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_4FA15643-EFBD-40F1-AD20-B67AEE8B2612.XML 354300x8000000000000000186313Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:06.279{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-42255-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186317Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:08.378{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-55129-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186318Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:10.083{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-9404-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186319Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:11.988{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-23733-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186321Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:14.132{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk11156-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186320Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:13.990{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-38265-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186324Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:16.000{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local58320-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186323Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:15.923{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.2.147-37242-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186322Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:15.692{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-52674-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223022Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:17:17.441{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk11006-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186325Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:17.787{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-7743-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186328Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:20.011{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-12418-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186327Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:19.989{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-12322-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186326Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:19.340{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-20523-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186330Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:21.331{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-34292-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186329Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:21.115{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-20009-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000223025Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:25.406{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223024Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:25.406{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223023Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:17:25.406{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186331Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:22.317{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-28066-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186333Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:23.565{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-35717-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186332Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:23.116{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-47669-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186335Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:25.081{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-2843-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186334Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:24.917{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-44288-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186338Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:27.318{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-2176-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186337Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:26.869{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-17181-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186336Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:26.219{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-52700-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186340Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:28.420{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-10346-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186339Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:28.219{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-29872-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186343Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:29.844{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-42906-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186342Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:29.672{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-18132-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186341Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:28.862{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in61045-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223026Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:17:29.288{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in26526-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186344Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:30.817{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-26041-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186345Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:31.520{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-54597-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186346Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:31.948{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-34431-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186348Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:33.148{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-8132-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186347Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:33.120{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-42226-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186349Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:34.300{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-49837-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186351Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:35.420{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-57770-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186350Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:35.263{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-22474-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186352Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:36.682{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-6875-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186354Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:37.896{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-14990-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186353Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:37.020{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-35664-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223027Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:17:39.674{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk4367-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186357Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:39.259{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk4375-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186356Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:38.990{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-23205-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186355Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:38.929{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-49372-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186358Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:40.126{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-31136-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186360Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:41.288{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-38866-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186359Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:40.599{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-3954-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186362Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:42.532{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-46822-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186361Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:42.366{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-17716-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186363Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:43.644{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-55040-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186375Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:44.722{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-4303-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186374Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:44.123{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-31131-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000186373Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:17:48.032{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000186372Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:17:48.032{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a23b45d) 13241300x8000000000000000186371Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:17:48.032{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c06-0xf81c15e0) 13241300x8000000000000000186370Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:17:48.032{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0f-0x59e07de0) 13241300x8000000000000000186369Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:17:48.032{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c17-0xbba4e5e0) 13241300x8000000000000000186368Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:17:48.032{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000186367Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:17:48.032{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a23b45d) 13241300x8000000000000000186366Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:17:48.032{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c06-0xf81c15e0) 13241300x8000000000000000186365Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:17:48.032{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0f-0x59e07de0) 13241300x8000000000000000186364Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:17:48.032{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c17-0xbba4e5e0) 354300x8000000000000000186377Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:45.953{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-44321-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186376Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:45.835{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-11329-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186378Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:46.993{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-19345-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186379Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:47.797{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-58100-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186382Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:49.915{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-13870-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186381Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:49.348{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-34587-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186380Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:48.138{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-27133-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186383Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:50.712{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-43162-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186386Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:53.024{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-1424-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186385Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:51.942{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-52208-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186384Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:51.859{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-28804-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186387Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:53.779{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-42366-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186388Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:54.339{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-9045-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186390Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:55.679{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-57778-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186389Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:55.580{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-17649-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223028Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:17:57.345{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in29377-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186392Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:56.915{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in44637-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186391Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:56.707{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-25452-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186395Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:59.028{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-40986-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186394Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:57.878{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-33694-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186393Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:57.703{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-12973-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186397Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:59.733{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local58756-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186396Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:17:59.388{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-26737-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186398Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:00.299{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-48810-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223029Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:18:02.540{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk8795-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186400Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:01.414{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-57098-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186399Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:01.306{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-39491-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186402Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:02.570{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-5486-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186401Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:02.193{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk8834-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186404Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:03.671{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-13263-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186403Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:03.027{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-53319-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186406Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:04.797{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-21284-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186405Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:04.453{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-7811-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186409Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:07.079{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-36568-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186408Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:06.911{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-22945-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186407Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:05.950{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-28758-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186410Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:08.234{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-44356-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186411Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:08.812{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-37079-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186412Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:09.396{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-52188-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186414Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:10.768{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-52545-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186413Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:10.611{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-59774-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186415Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:11.742{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-8978-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186417Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:12.850{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-17015-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186416Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:12.799{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-8842-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186420Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:14.856{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-24000-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186419Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:14.758{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-22584-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186418Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:13.977{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-24647-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186425Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:15.336{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-33324-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186424Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:15.309{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-33090-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186423Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:15.284{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-32741-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186422Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:15.263{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-32480-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186421Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:14.962{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-24982-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186434Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:15.782{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-37035-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186433Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:15.714{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-36772-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186432Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:15.677{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-36328-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186431Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:15.611{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-35800-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186430Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:15.546{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-35179-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186429Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:15.486{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-34452-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186428Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:15.435{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-34014-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186427Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:15.395{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-33873-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186426Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:15.368{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-33642-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186467Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:18.263{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-53852-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186466Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:18.238{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-53695-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186465Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:18.216{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-53529-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186464Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:18.191{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-53396-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186463Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:18.170{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-53204-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186462Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:18.143{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-53006-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186461Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:18.113{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-52810-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186460Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:18.085{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-52516-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186459Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:18.046{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-52280-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186458Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:18.010{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-52038-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186457Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.968{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-51641-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186456Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.920{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-51197-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186455Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.871{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-50994-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186454Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.838{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-50869-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186453Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.806{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-50758-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186452Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.773{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-50533-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186451Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.736{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-50355-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186450Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.704{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-50219-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186449Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.666{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-50001-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186448Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.632{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-49630-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186447Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.594{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-49070-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186446Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.459{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-47996-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186445Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.293{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-47541-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186444Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.246{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-47129-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186443Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.193{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-46749-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186442Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.145{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-46419-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186441Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.108{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-46043-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186440Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.083{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-45861-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186439Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.058{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-45673-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186438Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.031{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-45459-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186437Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:17.006{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-45262-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186436Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:16.811{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-40652-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186435Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:16.652{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-38140-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186468Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:18.382{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-54082-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186474Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:20.039{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-6863-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186473Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:19.962{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-6254-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186472Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:19.879{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-4617-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186471Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:19.791{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-4061-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186470Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:18.693{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-54464-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186469Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:18.540{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-53231-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186478Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:20.338{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-8916-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186477Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:20.242{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-8386-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186476Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:20.171{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-7807-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186475Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:20.099{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-7383-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186508Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:22.131{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-20735-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186507Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:22.106{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-20604-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186506Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:22.083{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-20463-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186505Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:22.060{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-20338-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186504Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:22.037{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-20208-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186503Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:22.013{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-20078-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186502Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.987{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-19975-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186501Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.966{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-19784-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186500Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.943{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-19600-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186499Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.918{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-19408-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186498Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.912{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-17446-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186497Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.892{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-19239-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186496Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.866{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-19099-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186495Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.842{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-18891-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186494Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.818{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-17148-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186493Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.811{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-18612-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186492Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.771{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-18204-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186491Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.721{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-16918-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186490Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.717{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-17793-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186489Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.667{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-17433-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186488Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.627{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-16416-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186487Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.617{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-17064-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186486Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.552{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-16571-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186485Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.532{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-16039-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186484Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.438{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-15360-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186483Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.343{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-15025-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186482Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.247{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-14082-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186481Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.151{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-12415-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186480Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:21.033{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-11044-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186479Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:20.928{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-9886-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186520Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.258{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-30038-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186519Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.163{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-28867-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186518Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.066{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-28165-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186517Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:22.971{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-27774-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186516Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:22.876{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-26727-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186515Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:22.719{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-24171-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186514Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:22.612{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-23093-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186513Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:22.515{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-22627-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186512Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:22.415{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-21428-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186511Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:22.316{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-19582-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186510Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:22.199{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-18018-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186509Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:22.153{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-20972-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186546Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:24.024{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-33332-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186545Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:24.000{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-33172-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186544Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.977{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-33008-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186543Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.953{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-32878-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186542Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.929{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-32739-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186541Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.906{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-32618-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186540Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.884{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-32533-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186539Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.860{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-32442-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186538Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.837{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-32359-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186537Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.811{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-32297-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186536Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.787{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-32206-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186535Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.767{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-32047-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186534Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.743{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-31960-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186533Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.720{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-31855-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186532Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.693{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-31727-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186531Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.665{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-31496-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186530Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.646{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-32377-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186529Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.621{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-31111-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186528Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.561{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-30568-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186527Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.549{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-31816-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186526Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.485{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-30233-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186525Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.452{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-31183-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186524Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.422{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-29806-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186523Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.360{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-29349-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186522Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.355{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-30679-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186521Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:23.290{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-28875-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186560Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.278{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-44367-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186559Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.181{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-43665-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186558Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.086{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-43244-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186557Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:24.988{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-42196-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186556Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:24.977{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in25186-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186555Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:24.891{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-40523-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186554Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:24.793{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-38613-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186553Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:24.681{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-37965-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186552Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:24.562{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-37089-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186551Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:24.446{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-36601-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186550Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:24.346{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-36277-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186549Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:24.244{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-35612-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186548Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:24.049{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-33480-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186547Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:24.037{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-33091-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223030Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:18:25.426{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in47562-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186588Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:26.105{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-47116-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186587Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:26.080{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-46982-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186586Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:26.077{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-46960-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186585Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:26.056{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-46891-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186584Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:26.018{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-46341-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186583Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.956{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-45853-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186582Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.754{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-46087-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186581Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.734{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-45566-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186580Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.710{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-45430-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186579Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.687{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-45245-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186578Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.663{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-45075-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186577Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.659{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-45641-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186576Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.642{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-44910-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186575Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.618{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-44723-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186574Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.593{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-44585-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186573Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.570{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-44469-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186572Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.565{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-45446-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186571Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.549{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-44315-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186570Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.526{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-44129-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186569Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.500{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-43901-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186568Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.477{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-43739-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186567Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.468{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-45227-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186566Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.454{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-43545-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186565Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.432{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-43359-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186564Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.409{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-43205-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186563Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.388{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-43028-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186562Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.373{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-44962-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186561Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:25.363{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-42905-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186593Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:26.312{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-51573-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186592Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:26.261{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-49235-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186591Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:26.209{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-48470-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186590Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:26.187{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-49229-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186589Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:26.134{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-47271-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186609Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.607{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-57779-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186608Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.587{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-57640-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186607Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.566{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-57391-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186606Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.535{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-56657-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186605Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.472{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-1666-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186604Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.378{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-1171-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186603Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.283{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-59653-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186602Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.188{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-59057-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186601Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.093{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-58481-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186600Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:26.999{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-57554-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186599Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:26.899{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-56458-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186598Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:26.803{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-55442-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186597Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:26.705{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-54484-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186596Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:26.605{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-53883-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186595Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:26.505{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-52329-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186594Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:26.407{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-51948-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186628Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:28.459{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-8375-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186627Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:28.340{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-7296-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186626Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:28.228{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-6405-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186625Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:28.113{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-4261-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186624Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:28.082{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-2827-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186623Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:28.038{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-2485-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186622Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.998{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-2002-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186621Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.948{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-1544-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186620Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.898{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-2462-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186619Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.895{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-1117-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186618Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.853{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-59765-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186617Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.817{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-59519-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186616Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.785{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-59220-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186615Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.758{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-59048-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186614Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.736{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-58834-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186613Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.711{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-58580-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186612Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.683{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-58325-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186611Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.655{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-58126-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186610Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:27.630{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-57952-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223031Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:18:29.985{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk3778-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186655Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.621{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-13504-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186654Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.595{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-13412-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186653Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.573{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-13299-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186652Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.551{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-13139-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186651Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.524{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-12914-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186650Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.489{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-12541-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186649Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.450{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-12227-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186648Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.444{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-15781-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186647Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.411{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-11970-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186646Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.381{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-11710-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186645Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.350{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-15323-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186644Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.348{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-11516-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186643Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.320{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-11321-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186642Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.292{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-11148-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186641Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.268{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-10980-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186640Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.256{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-14985-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186639Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.244{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-10759-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186638Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.222{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-10546-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186637Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.202{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-10372-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186636Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.179{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-10093-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186635Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.161{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-14506-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186634Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.066{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-13910-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186633Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:28.970{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-13192-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186632Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:28.875{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-12092-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186631Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:28.767{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-10754-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186630Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:28.655{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-9813-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186629Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:28.554{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-8920-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186691Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.594{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-20189-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186690Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.569{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-20020-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186689Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.546{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-19845-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186688Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.525{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-19696-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186687Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.501{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-19482-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186686Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.476{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-19305-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186685Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.452{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-19120-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186684Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.426{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-18938-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186683Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.402{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-18781-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186682Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.377{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-18567-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186681Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.350{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-18354-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186680Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.327{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-18161-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186679Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.301{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-17977-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186678Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.276{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-17784-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186677Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.251{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-17598-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186676Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.219{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-17339-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186675Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.187{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-17080-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186674Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.162{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-16868-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186673Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.135{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-16487-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186672Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.091{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-16197-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186671Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.055{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-16017-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186670Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.048{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-20218-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186669Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.032{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-15806-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186668Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:30.009{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-15648-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186667Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.984{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-15496-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186666Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.959{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-15387-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186665Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.953{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-19282-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186664Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.937{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-15205-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186663Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.910{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-15044-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186662Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.885{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-14893-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186661Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.862{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-14375-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186660Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.837{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-18036-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186659Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.813{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-13793-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186658Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.736{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-16537-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186657Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.722{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk3939-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186656Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:29.644{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.1.175-13597-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186692Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:32.157{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-36105-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186693Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:33.987{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-48987-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186694Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:35.933{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-4877-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186695Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:37.698{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-18442-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186696Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:39.642{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-32597-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186697Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:41.572{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-46277-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186699Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:43.928{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse117.2.6.27project-london-dc.iris.local59470-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186698Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:43.465{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-2051-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186700Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:45.292{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-15539-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186701Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:47.578{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-31548-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186702Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:49.205{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-44049-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186703Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:51.277{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-58871-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223033Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:18:54.430{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk9268-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000223032Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:18:53.444{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in41445-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186705Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:53.124{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-15334-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186704Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:53.012{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in40704-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186706Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:55.006{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-27546-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186707Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:56.344{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-40820-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186708Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:18:58.061{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-53782-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186709Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:00.295{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-9544-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186710Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:01.907{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-23665-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186711Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:04.076{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-37563-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000223060Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223059Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223058Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223057Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223056Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223055Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223054Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223053Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223052Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223051Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223050Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223049Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223048Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223047Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223046Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223045Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223044Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223043Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223042Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223041Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223040Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223039Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223038Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223037Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223036Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223035Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223034Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186712Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:05.764{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-51756-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000223069Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223068Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223067Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223066Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223065Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223064Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223063Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223062Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223061Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:19:09.993{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186713Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:07.431{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-4311-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186714Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:09.038{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-15998-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186715Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:10.618{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-28121-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186716Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:12.415{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-41072-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186717Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:14.643{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-55277-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186718Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:16.549{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-11427-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223070Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:19:17.826{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk14901-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186719Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:18.682{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-25659-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186720Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:20.414{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-39331-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223071Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:19:21.534{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in52901-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186721Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:21.094{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in11039-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186722Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:22.602{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-53777-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186723Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:24.284{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-8385-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186724Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:26.399{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-22084-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186725Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:28.072{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-35376-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186726Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:29.934{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-49188-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186727Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:31.468{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-3624-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186728Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:33.030{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-15880-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186729Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:34.912{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-28230-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186730Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:36.577{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-41589-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186751Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:38.811{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.155.205.159-16828-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186750Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:38.628{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-54931-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000186749Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:19:42.864{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186748Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:19:42.864{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186747Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:19:42.864{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186746Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:19:42.864{E74F01E8-8FBD-6086-0B00-00000000BA01}5844412C:\Windows\system32\lsass.exe{E74F01E8-8FBA-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000186745Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:19:42.754{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186744Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:19:42.754{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186743Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:19:42.754{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186742Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:19:42.754{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186741Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:19:42.754{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186740Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:19:42.754{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186739Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:19:42.754{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186738Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:19:42.754{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186737Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:19:42.754{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186736Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:19:42.754{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186735Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:19:42.754{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186734Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:19:42.754{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186733Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:19:42.754{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186732Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:19:42.754{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186731Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:19:42.754{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000223072Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:19:39.231{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.155.205.159-16799-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186752Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:40.310{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-7774-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186753Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:42.217{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-20820-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186754Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:43.918{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-34704-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223073Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:19:45.848{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk9341-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186755Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:45.906{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-48669-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186756Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:47.523{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-2788-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223074Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:19:49.621{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in44617-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186757Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:49.197{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in30327-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186758Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:49.476{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-16415-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186759Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:51.241{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-29948-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186760Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:53.373{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-44372-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186761Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:55.455{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-59526-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186762Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:57.493{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-14778-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000186766Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:20:03.473{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186765Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:20:03.473{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186764Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:20:03.473{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186763Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:19:59.420{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-29714-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186767Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:01.349{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-43915-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186768Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:03.222{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-57503-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186769Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:05.269{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-12799-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186770Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:06.945{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-26516-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223075Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:20:08.567{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk14088-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186771Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:08.843{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-40256-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186772Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:10.870{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-53810-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186773Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:12.953{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-10325-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186774Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:14.740{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-25239-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223076Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:20:17.711{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in27076-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186776Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:17.285{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in35519-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186775Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:16.920{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-39419-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186777Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:19.071{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-56941-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186778Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:21.131{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-11570-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186779Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:22.713{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-25258-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186780Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:24.860{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-39169-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186781Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:26.565{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-53347-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186782Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:28.618{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-6674-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186783Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:30.467{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-20728-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186784Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:32.249{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-32535-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223077Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:20:32.444{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk6354-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186785Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:34.240{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-46824-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186786Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:36.007{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-1827-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186787Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:38.341{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-17259-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186788Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:39.936{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-30560-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186789Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:41.716{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-43551-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186790Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:43.932{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-59153-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186791Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:45.299{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in21170-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223078Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:20:45.746{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in16774-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186792Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:45.922{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-14934-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186793Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:47.890{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-29287-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186794Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:50.185{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-44987-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186795Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:51.941{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-58177-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186796Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:54.110{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-13190-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186797Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:55.807{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-27169-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186798Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:57.748{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-40504-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186799Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:20:59.564{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-54379-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186800Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:01.695{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-9962-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223079Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:21:03.679{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk13859-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186801Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:03.610{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-24992-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186802Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:06.023{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-40177-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000223115Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223114Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223113Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223112Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223111Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223110Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223109Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223108Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223107Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223106Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223105Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223104Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223103Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223102Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223101Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223100Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223099Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223098Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223097Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223096Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223095Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223094Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223093Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223092Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223091Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223090Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223089Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223088Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223087Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223086Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223085Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223084Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223083Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223082Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223081Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223080Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:21:11.001{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186803Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:07.832{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-53488-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186804Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:09.516{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-7647-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186805Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:11.506{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-20884-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223116Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:21:13.806{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in44030-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186807Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:13.420{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-34219-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186806Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:13.385{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in31035-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186808Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:15.508{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-49449-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186809Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:17.250{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-4841-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186810Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:18.800{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-18225-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000223126Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:21:23.407{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000223125Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:21:23.407{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a0922ca) 13241300x8000000000000000223124Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:21:23.407{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c07-0x795aaa5a) 13241300x8000000000000000223123Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:21:23.407{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0f-0xdb1f125a) 13241300x8000000000000000223122Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:21:23.407{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c18-0x3ce37a5a) 13241300x8000000000000000223121Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:21:23.407{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000223120Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:21:23.407{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a0922ca) 13241300x8000000000000000223119Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:21:23.407{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c07-0x795aaa5a) 13241300x8000000000000000223118Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:21:23.407{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c0f-0xdb1f125a) 13241300x8000000000000000223117Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:21:23.407{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c18-0x3ce37a5a) 354300x8000000000000000186811Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:20.972{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-30165-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186812Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:22.587{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-44261-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186813Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:24.460{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-57204-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223127Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:21:24.759{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk5672-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186814Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:26.899{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-12869-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186815Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:28.631{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-24818-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186816Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:30.579{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-39241-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186817Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:32.362{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-52440-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186818Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:33.808{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-5863-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186819Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:35.890{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-19499-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186820Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:37.777{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-34139-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223128Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:21:41.893{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in19399-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186823Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:41.485{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-1755ms-streamingfalse10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186822Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:41.459{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in15361-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186821Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:39.698{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-48032-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186824Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:43.492{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-16305-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186825Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:45.331{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-30941-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186826Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:47.260{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-44491-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186827Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:49.190{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-59519-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186828Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:50.968{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-13731-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223129Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:21:53.361{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk14744-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186829Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:52.801{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-27384-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186830Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:54.786{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-42065-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186831Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:56.661{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-56550-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186832Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:21:58.634{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-12174-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186833Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:00.601{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-27335-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186834Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:02.674{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-41532-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186835Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:04.547{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-54649-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186836Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:06.746{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-10955-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000186839Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:22:12.570{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\BD98497A-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_BD98497A-0000-0000-0000-100000000000.XML 13241300x8000000000000000186838Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:22:12.570{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Config SourceDWORD (0x00000001) 13241300x8000000000000000186837Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:22:12.570{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_4FA15643-EFBD-40F1-AD20-B67AEE8B2612.XML 354300x8000000000000000223130Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:22:09.949{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in19083-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186841Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:09.533{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in47493-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186840Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:08.756{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-27624-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186842Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:10.602{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-40542-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186843Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:12.463{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-54059-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186844Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:14.199{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-8186-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186845Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:16.028{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-21521-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223131Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:22:18.685{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk6947-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186846Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:17.897{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-35411-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186847Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:19.876{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-51058-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186848Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:21.708{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-5533-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000223134Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:22:25.410{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223133Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:22:25.410{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223132Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:22:25.410{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186850Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:23.653{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-20444-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186849Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:23.213{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse106.120.139.1818.139.120.106.static.bjtelecom.net53954-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186851Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:25.522{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-34555-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186852Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:27.146{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-47722-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186853Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:29.118{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-2362-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186854Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:30.954{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-15968-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186855Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:33.108{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-32025-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186856Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:34.778{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-45756-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186857Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:36.753{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-59551-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186858Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:37.641{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in3922-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223135Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:22:38.054{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in7559-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000186861Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:22:43.184{E74F01E8-8FC0-6086-1600-00000000BA01}11922976C:\Windows\system32\svchost.exe{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186860Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:22:43.184{E74F01E8-8FC0-6086-1600-00000000BA01}11922976C:\Windows\system32\svchost.exe{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186859Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:38.518{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-13303-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186862Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:40.551{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-28304-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186863Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:42.359{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-41037-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186875Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:44.549{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse103.89.91.156-64800-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186874Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:44.060{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-55087-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000186873Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:22:48.043{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000186872Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:22:48.043{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a28484d) 13241300x8000000000000000186871Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:22:48.043{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c07-0xaaeee4e0) 13241300x8000000000000000186870Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:22:48.043{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c10-0x0cb34ce0) 13241300x8000000000000000186869Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:22:48.043{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c18-0x6e77b4e0) 13241300x8000000000000000186868Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:22:48.043{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000186867Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:22:48.043{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a28484d) 13241300x8000000000000000186866Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:22:48.043{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c07-0xaaeee4e0) 13241300x8000000000000000186865Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:22:48.043{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c10-0x0cb34ce0) 13241300x8000000000000000186864Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:22:48.043{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c18-0x6e77b4e0) 354300x8000000000000000223136Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:22:46.084{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk13890-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186876Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:45.989{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-10183-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186877Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:47.663{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-23849-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186878Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:49.488{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-37161-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186879Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:51.313{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-51838-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186880Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:53.445{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-7133-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186881Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:55.158{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-19591-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186882Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:57.095{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-34465-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186883Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:22:58.925{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-48415-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186884Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:00.928{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-4238-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186885Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:02.762{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-18408-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186886Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:04.587{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-32436-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186887Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:05.659{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in43368-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186888Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:06.419{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-46342-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223137Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:23:06.090{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in50165-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186890Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:08.577{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.155.205.159-28109-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186889Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:08.497{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-2350-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223174Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:23:08.997{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.155.205.159-28084-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000223173Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223172Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223171Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223170Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223169Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223168Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223167Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223166Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223165Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223164Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223163Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223162Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223161Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223160Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223159Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223158Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223157Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223156Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223155Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223154Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223153Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223152Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223151Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223150Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223149Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223148Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223147Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223146Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223145Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223144Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223143Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223142Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223141Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223140Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223139Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223138Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:23:12.011{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000223175Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:23:10.182{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk5465-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186891Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:10.322{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-16957-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186892Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:12.409{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-32141-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186893Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:13.226{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.2.147-13568-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186894Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:14.240{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-46526-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186895Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:16.084{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-59812-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186896Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:18.087{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-16041-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186897Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:20.060{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-30899-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186898Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:21.940{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-44480-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186899Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:23.861{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-58764-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186900Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:25.662{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-13237-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186901Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:27.615{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-28042-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186902Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:29.538{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-42084-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186903Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:31.361{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-56430-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223176Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:23:34.164{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in15399-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186904Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:33.353{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-12048-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186905Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:33.767{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in11580-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186906Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:35.256{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-26794-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223177Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:23:37.388{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk13651-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186907Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:37.223{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-40769-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186908Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:39.014{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-52882-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186909Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:40.729{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-8045-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186910Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:42.935{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-24183-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186911Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:44.896{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-39086-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186912Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:46.717{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-53027-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186913Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:48.546{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-7889-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186914Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:51.181{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-26614-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186915Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:52.868{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-39915-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186916Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:54.725{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-53446-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186917Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:56.550{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-7996-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186918Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:23:58.329{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-22001-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186919Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:00.454{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-36765-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186920Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:01.848{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in54835-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223178Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:24:01.273{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse103.89.91.156-64842-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186921Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:02.348{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-50618-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223179Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:24:02.301{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in41378-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186922Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:04.194{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-5642-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223180Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:24:06.197{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk8861-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186923Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:06.032{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-18897-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186924Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:07.896{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-33964-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186925Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:09.885{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-47965-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186926Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:11.718{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-3160-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186933Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:13.579{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-16357-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000186932Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:18.188{E74F01E8-29C2-6089-3D53-00000000BA01}45524016C:\Windows\system32\conhost.exe{E74F01E8-29C2-6089-3C53-00000000BA01}4836C:\Windows\system32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186931Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:18.172{E74F01E8-8FBC-6086-0500-00000000BA01}372264C:\Windows\system32\csrss.exe{E74F01E8-29C2-6089-3D53-00000000BA01}4552C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000186930Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:18.172{E74F01E8-8FBC-6086-0500-00000000BA01}372484C:\Windows\system32\csrss.exe{E74F01E8-29C2-6089-3C53-00000000BA01}4836C:\Windows\system32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000186929Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:18.172{E74F01E8-8FC0-6086-1600-00000000BA01}11921640C:\Windows\system32\svchost.exe{E74F01E8-29C2-6089-3C53-00000000BA01}4836C:\Windows\system32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\UBPM.dll+a7a1|c:\windows\system32\UBPM.dll+fa34|c:\windows\system32\UBPM.dll+cdcc|c:\windows\system32\UBPM.dll+d395|c:\windows\system32\UBPM.dll+dc95|c:\windows\system32\UBPM.dll+e9dd|c:\windows\system32\UBPM.dll+e1ba|c:\windows\system32\UBPM.dll+de12|c:\windows\system32\EventAggregation.dll+3e22|c:\windows\system32\EventAggregation.dll+36c9|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b55|C:\Windows\SYSTEM32\ntdll.dll+6585d|C:\Windows\SYSTEM32\ntdll.dll+656c0|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186928Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:18.172{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1600-00000000BA01}1192C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186927Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:18.172{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1600-00000000BA01}1192C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186934Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:15.408{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-31394-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186935Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:17.976{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-49062-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186937Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:21.593{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-17817-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186936Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:19.875{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-4028-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186938Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:23.469{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-30927-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186939Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:25.427{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-43633-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186940Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:27.080{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-56880-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186941Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:29.175{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-12936-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223181Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:24:30.396{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in62715-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186942Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:29.961{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in16065-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186943Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:31.260{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-26838-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223182Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:24:31.730{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk1213-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186944Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:32.862{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-39518-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186945Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:34.971{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-54219-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186946Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:36.882{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-10692-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000186961Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:42.891{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186960Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:42.891{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186959Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:42.891{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186958Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:42.891{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186957Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:42.891{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186956Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:42.891{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186955Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:42.891{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186954Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:42.891{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186953Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:42.891{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186952Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:42.891{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186951Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:42.891{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186950Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:42.891{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186949Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:42.891{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186948Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:42.891{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186947Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:42.891{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186966Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:39.133{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-25524-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000186965Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:43.032{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186964Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:43.032{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186963Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:43.032{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186962Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:24:43.016{E74F01E8-8FBD-6086-0B00-00000000BA01}5844412C:\Windows\system32\lsass.exe{E74F01E8-8FBA-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x8000000000000000186967Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:40.853{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-38949-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186968Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:42.849{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-53350-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186969Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:44.943{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-8172-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186970Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:46.765{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-21164-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186972Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:50.151{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-47327-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186971Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:48.741{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-34626-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186973Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:52.087{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-1382-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186974Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:53.740{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-14806-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223183Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:24:55.566{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk6734-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186975Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:55.846{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-28429-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223184Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:24:58.466{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in16036-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000186977Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:58.014{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in29508-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186976Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:57.417{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-41533-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000186980Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:25:03.485{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186979Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:25:03.485{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186978Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:25:03.485{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186981Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:24:59.239{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-54567-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186982Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:01.309{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-9102-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186983Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:03.191{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-23394-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223191Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:25:04.139{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse60.212.188.227-49794-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000223190Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:08.046{4C77B871-29F4-6089-C952-00000000BB01}26446128C:\Windows\system32\conhost.exe{4C77B871-29F4-6089-C852-00000000BB01}5316C:\Windows\system32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223189Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:08.015{4C77B871-9761-6086-0500-00000000BB01}372388C:\Windows\system32\csrss.exe{4C77B871-29F4-6089-C952-00000000BB01}2644C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000223188Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:08.015{4C77B871-9761-6086-0500-00000000BB01}372948C:\Windows\system32\csrss.exe{4C77B871-29F4-6089-C852-00000000BB01}5316C:\Windows\system32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000223187Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:08.015{4C77B871-9763-6086-1500-00000000BB01}10524512C:\Windows\system32\svchost.exe{4C77B871-29F4-6089-C852-00000000BB01}5316C:\Windows\system32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\UBPM.dll+a7a1|c:\windows\system32\UBPM.dll+fa34|c:\windows\system32\UBPM.dll+cdcc|c:\windows\system32\UBPM.dll+d395|c:\windows\system32\UBPM.dll+dc95|c:\windows\system32\UBPM.dll+e9dd|c:\windows\system32\UBPM.dll+e1ba|c:\windows\system32\UBPM.dll+de12|c:\windows\system32\EventAggregation.dll+3e22|c:\windows\system32\EventAggregation.dll+36c9|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b55|C:\Windows\SYSTEM32\ntdll.dll+6585d|C:\Windows\SYSTEM32\ntdll.dll+656c0|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223186Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:08.015{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1500-00000000BB01}1052C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223185Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:08.015{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1500-00000000BB01}1052C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186984Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:04.931{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-36603-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186985Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:07.097{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-51589-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186986Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:08.674{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-5760-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000223227Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223226Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223225Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223224Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223223Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223222Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223221Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223220Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223219Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223218Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223217Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223216Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223215Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223214Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223213Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223212Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223211Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223210Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223209Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223208Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223207Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223206Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223205Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223204Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223203Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223202Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223201Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223200Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223199Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223198Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223197Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223196Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223195Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223194Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223193Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223192Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:25:13.015{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186987Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:10.814{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-19079-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186988Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:12.561{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-33627-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186992Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:14.608{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-47378-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000186991Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:25:18.296{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186990Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:25:18.296{E74F01E8-8FBF-6086-0C00-00000000BA01}7761072C:\Windows\system32\svchost.exe{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000186989Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:25:18.296{E74F01E8-8FBD-6086-0B00-00000000BA01}5844412C:\Windows\system32\lsass.exe{E74F01E8-8FBD-6086-0A00-00000000BA01}576C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000186993Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:16.368{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-2192-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186994Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:18.445{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-15590-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186995Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:20.263{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-29469-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186996Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:21.651{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-41953-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186997Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:24.255{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-58658-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186998Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:26.114{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in23433-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000186999Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:26.400{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-15096-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223228Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:25:26.542{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in23198-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187000Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:28.214{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-28641-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223229Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:25:29.434{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk3374-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187001Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:29.893{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-41008-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187002Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:32.518{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-55327-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187003Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:33.885{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-10174-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187004Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:35.647{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-22832-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187005Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:37.479{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-36648-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000187006Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:25:43.862{E74F01E8-8FBF-6086-0D00-00000000BA01}8324172C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1600-00000000BA01}1192C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000187007Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:39.626{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-50591-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187008Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:41.430{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-4528-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187009Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:43.720{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-18214-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187010Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:45.241{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-30255-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187011Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:47.347{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-43283-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187012Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:49.205{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-57494-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223230Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:25:49.169{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk8009-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187013Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:51.198{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-13111-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187014Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:53.154{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-27141-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187015Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:54.147{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in6654-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187016Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:55.305{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-41601-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223231Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:25:54.562{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in21078-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187017Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:57.499{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-56181-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187018Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:25:59.434{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-12359-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187020Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:01.131{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-25422-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000187019Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:26:04.206{E74F01E8-8FBD-6086-0B00-00000000BA01}5841960C:\Windows\system32\lsass.exe{E74F01E8-8FBA-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x8000000000000000187021Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:03.418{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-39869-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000223234Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:26:08.048{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223233Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:26:08.048{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223232Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:26:08.048{4C77B871-9761-6086-0B00-00000000BB01}5882356C:\Windows\system32\lsass.exe{4C77B871-9761-6086-0A00-00000000BB01}580C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000187022Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:04.964{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-52232-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187023Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:06.274{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-4807-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187024Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:08.836{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-19468-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187025Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:10.918{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-33777-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187026Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:12.794{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-48290-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187027Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:14.800{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-2898-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223235Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:26:15.927{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk1611-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187028Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:16.198{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-16846-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000223245Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:26:23.423{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000223244Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:26:23.423{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a0db6ba) 13241300x8000000000000000223243Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:26:23.423{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c08-0x2c2d795a) 13241300x8000000000000000223242Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:26:23.423{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c10-0x8df1e15a) 13241300x8000000000000000223241Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:26:23.423{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c18-0xefb6495a) 13241300x8000000000000000223240Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:26:23.423{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000223239Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:26:23.423{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a0db6ba) 13241300x8000000000000000223238Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:26:23.423{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c08-0x2c2d795a) 13241300x8000000000000000223237Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:26:23.423{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c10-0x8df1e15a) 13241300x8000000000000000223236Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:26:23.423{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c18-0xefb6495a) 354300x8000000000000000187029Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:18.482{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-30854-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187030Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:20.254{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-45297-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223246Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:26:22.687{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in47596-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187031Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:22.254{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in1828-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187032Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:22.613{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-59667-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187033Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:23.978{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-14158-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187034Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:25.926{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-26323-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187035Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:27.640{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-39761-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187036Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:29.365{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-52437-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187037Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:31.064{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-5176-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187038Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:33.064{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-18483-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187039Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:34.871{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-32455-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187040Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:36.650{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-46352-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187041Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:38.583{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-1506-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000223247Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:26:43.767{4C77B871-9763-6086-1400-00000000BB01}1028C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d73c10-0x9a5d5a30) 354300x8000000000000000187042Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:40.553{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-15089-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187043Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:42.311{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-28387-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223248Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:26:42.673{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk6841-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187044Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:44.300{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-42807-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187045Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:46.139{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-57340-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187046Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:48.141{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-12619-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187048Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:50.428{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in18103-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187047Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:50.189{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-28051-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223249Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:26:50.859{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in55873-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187049Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:52.152{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-40961-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187050Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:54.076{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-54735-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187051Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:55.975{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-9997-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187052Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:57.795{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-24206-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187053Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:26:59.769{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-38321-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187054Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:01.658{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-50289-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187055Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:03.580{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-6022-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187056Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:05.468{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-18945-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187057Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:06.482{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse39.129.165.93-64596-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223250Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:27:07.875{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk2089-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187058Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:07.353{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-34459-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000187062Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:27:14.426{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\BD98497A-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_BD98497A-0000-0000-0000-100000000000.XML 13241300x8000000000000000187061Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:27:14.410{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Config SourceDWORD (0x00000001) 13241300x8000000000000000187060Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:27:14.410{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_4FA15643-EFBD-40F1-AD20-B67AEE8B2612.XML 354300x8000000000000000187059Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:09.152{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-48285-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000223286Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223285Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223284Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223283Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223282Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223281Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223280Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223279Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223278Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223277Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223276Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223275Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223274Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223273Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223272Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223271Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223270Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223269Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223268Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223267Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223266Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223265Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223264Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223263Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223262Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223261Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223260Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223259Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223258Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223257Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223256Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223255Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223254Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223253Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223252Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223251Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:14.018{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000187063Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:11.021{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-2734-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187064Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:12.833{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-16246-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223287Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:27:14.757{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.155.205.159-16458-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187065Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:14.685{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-30251-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187066Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:16.478{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-44116-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187067Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:18.548{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-58045-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223288Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:27:18.985{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in25014-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187068Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:18.552{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in63429-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187069Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:20.323{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-14083-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000223291Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:25.425{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223290Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:25.425{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223289Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:27:25.425{4C77B871-9762-6086-0C00-00000000BB01}6885168C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000187070Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:22.414{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-27616-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187072Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:25.127{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.155.205.159-32334-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187071Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:24.183{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-41677-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223292Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:27:25.555{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse45.155.205.159-32312-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187073Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:25.994{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-54949-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187074Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:27.782{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-9926-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187075Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:29.733{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-24118-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187076Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:31.585{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-39525-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223293Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:27:30.734{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk6754-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187077Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:33.449{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-52521-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187078Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:35.320{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-8289-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187079Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:37.382{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-22952-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187080Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:39.208{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-35483-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187081Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:41.407{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-51988-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187082Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:43.184{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-7319-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000187092Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:27:48.054{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000187091Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:27:48.054{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a2cdc2d) 13241300x8000000000000000187090Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:27:48.054{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c08-0x5dbf42e0) 13241300x8000000000000000187089Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:27:48.054{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c10-0xbf83aae0) 13241300x8000000000000000187088Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:27:48.054{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c19-0x214812e0) 13241300x8000000000000000187087Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:27:48.054{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000187086Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:27:48.054{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a2cdc2d) 13241300x8000000000000000187085Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:27:48.054{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c08-0x5dbf42e0) 13241300x8000000000000000187084Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:27:48.054{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c10-0xbf83aae0) 13241300x8000000000000000187083Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:27:48.054{E74F01E8-8FBD-6086-0B00-00000000BA01}584C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c19-0x214812e0) 354300x8000000000000000187093Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:45.022{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-21254-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187095Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:46.679{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-33787-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187094Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:46.668{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in39411-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223294Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:27:47.097{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in24909-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187096Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:48.691{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-47762-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187097Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:50.475{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-1197-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187098Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:52.222{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-16097-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187099Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:54.122{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-30234-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223295Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:27:53.726{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk11457-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187100Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:55.971{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-43074-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187101Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:57.874{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-57745-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187102Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:27:59.925{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-13967-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187103Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:02.203{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-29157-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187104Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:03.989{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-42780-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187105Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:05.907{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-57037-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187106Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:07.779{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-13320-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187107Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:09.529{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-25846-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187108Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:11.247{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-38584-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223296Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:28:15.215{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in53076-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187109Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:13.369{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-52771-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000187112Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:28:19.602{E74F01E8-8FC0-6086-1300-00000000BA01}364C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d73c10-0xd37c9f73) 354300x8000000000000000187111Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:15.068{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-7098-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187110Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:14.800{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in1473-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187113Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:17.098{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-21477-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187114Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:19.092{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-37123-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223297Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:28:21.609{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk6128-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187115Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:20.984{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-50711-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187116Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:22.731{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-4635-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187117Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:24.531{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-18123-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187118Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:26.474{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-32723-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187119Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:28.315{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-46629-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187120Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:30.157{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-59906-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187121Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:32.278{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-15665-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187122Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:34.280{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-32346-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187123Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:36.062{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-44850-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187125Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:37.881{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-58425-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187124Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:37.210{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse106.120.139.1818.139.120.106.static.bjtelecom.net59554-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187126Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:39.770{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-13398-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187127Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:41.663{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-28251-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223298Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:28:43.350{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in53643-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187129Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:43.563{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-42078-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187128Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:42.916{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in35298-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187130Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:45.316{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-55378-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187131Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:46.622{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-8832-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223299Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:28:48.813{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk14523-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187132Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:49.231{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-23212-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187133Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:51.106{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-38335-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187134Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:52.591{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-50701-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187135Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:54.168{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-4662-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187136Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:55.779{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-16425-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187137Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:57.413{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-28470-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187138Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:28:59.313{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-41216-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187139Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:01.020{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-54667-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187140Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:02.851{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-8802-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187141Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:04.517{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-22006-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187142Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:05.590{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse203.202.255.193203-202-255-193.aamranetworks.com58715-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187144Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:06.636{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-36076-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187143Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:06.538{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse185.202.2.147-50251-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187145Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:08.394{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-48296-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187146Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:10.291{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-3744-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223336Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:29:11.502{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in4245-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000223335Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223334Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223333Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223332Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223331Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223330Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223329Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223328Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223327Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223326Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223325Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223324Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223323Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223322Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223321Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223320Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223319Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223318Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223317Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223316Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223315Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223314Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223313Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223312Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223311Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223310Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223309Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223308Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223307Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223306Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223305Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223304Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223303Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223302Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223301Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223300Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:29:15.023{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000187147Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:11.067{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in12670-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223337Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:29:13.740{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk6388-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187148Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:12.353{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-18977-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187149Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:14.518{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-33879-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000187150Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:29:20.713{E74F01E8-8FC0-6086-1300-00000000BA01}364C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d73c10-0xf7e989cf) 354300x8000000000000000187151Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:16.083{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-46064-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187152Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:18.188{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-59829-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187153Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:20.004{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-13742-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187154Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:22.096{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-28652-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187155Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:23.514{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-42077-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187156Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:25.152{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-54920-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187157Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:26.986{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-8763-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187158Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:28.393{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-19708-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223338Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:29:28.703{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse203.202.255.193203-202-255-193.aamranetworks.com52815-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187159Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:30.605{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-33613-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187160Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:32.294{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-46868-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187161Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:34.105{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-59752-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187162Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:35.897{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-13101-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187163Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:37.658{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-25136-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223339Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:29:37.898{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk11994-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000223340Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:29:39.559{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in8805-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187184Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:39.672{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-40200-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187183Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:39.101{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in36337-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000187182Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:29:43.152{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000187181Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:29:43.152{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000187180Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:29:43.152{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000187179Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:29:43.152{E74F01E8-8FBD-6086-0B00-00000000BA01}5844816C:\Windows\system32\lsass.exe{E74F01E8-8FBA-6086-0100-00000000BA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000187178Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:29:43.043{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000187177Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:29:43.043{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000187176Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:29:43.043{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000187175Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:29:43.043{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000187174Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:29:43.043{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000187173Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:29:43.043{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000187172Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:29:43.043{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000187171Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:29:43.043{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000187170Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:29:43.043{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000187169Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:29:43.043{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000187168Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:29:43.043{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000187167Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:29:43.043{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000187166Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:29:43.043{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000187165Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:29:43.043{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000187164Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:29:43.043{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1400-00000000BA01}1044C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000187185Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:41.757{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-55946-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187186Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:43.794{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-11781-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187187Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:45.764{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-25213-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187188Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:47.838{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-39553-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187189Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:49.578{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-53701-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187190Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:51.565{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-8293-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187191Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:53.327{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-22341-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187192Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:55.362{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-36915-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187193Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:57.174{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-50442-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187194Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:29:58.598{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-5207-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000187197Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:30:03.496{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000187196Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:30:03.496{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000187195Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:30:03.496{E74F01E8-8FBF-6086-0C00-00000000BA01}7764984C:\Windows\system32\svchost.exe{E74F01E8-8FC0-6086-1500-00000000BA01}1156C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000187198Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:00.587{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-18511-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223341Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:30:01.423{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk3230-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187199Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:03.137{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-33577-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187200Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:04.655{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-47515-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187201Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:06.559{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-59938-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223342Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:30:07.685{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in49094-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187202Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:07.238{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in4345-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187203Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:08.444{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-14459-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187204Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:10.203{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-27338-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187205Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:12.068{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-40884-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187206Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:13.585{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-53335-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187207Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:15.298{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-6183-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187208Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:17.584{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-22171-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187209Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:19.554{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-35292-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187210Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:21.625{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-50485-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187211Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:23.217{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-4559-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187212Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:25.164{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-18922-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223343Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:30:25.535{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk7892-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187213Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:26.819{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-31280-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187214Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:28.957{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-44740-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187215Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:30.688{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-58241-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187216Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:32.693{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-13404-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223344Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:30:35.727{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in28671-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187218Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:35.304{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in40086-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187217Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:34.610{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-28262-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187219Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:36.693{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-42701-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187220Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:38.622{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-56182-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187221Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:40.855{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-11770-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187222Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:42.335{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-24814-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187223Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:44.234{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-38683-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187224Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:46.655{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-52605-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187225Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:48.318{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-6118-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187226Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:49.786{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-18154-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223345Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:30:51.704{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk14083-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187227Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:51.986{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-31640-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187228Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:54.177{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-46692-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187229Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:55.854{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-1419-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187230Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:57.976{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-14324-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187231Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:30:59.789{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-27636-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187232Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:01.931{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-43381-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187234Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:03.549{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-56311-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187233Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:03.323{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in42627-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223346Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:31:03.773{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in31920-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187235Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:05.778{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-11627-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187236Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:07.826{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-26819-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187237Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:09.478{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-38598-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187238Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:11.568{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-52595-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 10341000x8000000000000000223382Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223381Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223380Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223379Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223378Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223377Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223376Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223375Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F13-6087-FB10-00000000BB01}3796C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223374Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223373Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223372Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223371Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223370Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223369Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223368Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223367Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223366Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223365Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223364Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223363Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223362Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223361Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223360Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223359Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223358Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223357Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223356Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223355Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F0D-6087-EB10-00000000BB01}2912C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223354Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223353Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223352Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223351Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223350Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223349Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223348Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223347Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:31:16.036{4C77B871-9762-6086-0D00-00000000BB01}740768C:\Windows\system32\svchost.exe{4C77B871-1F14-6087-FC10-00000000BB01}4256C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000223383Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:31:14.098{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk4032-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187239Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:13.500{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-5439-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187240Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:15.436{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-20295-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187241Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:17.565{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-34603-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 13241300x8000000000000000223393Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:31:23.427{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000223392Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:31:23.427{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a124a9a) 13241300x8000000000000000223391Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:31:23.427{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c08-0xdefdd75a) 13241300x8000000000000000223390Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:31:23.427{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c11-0x40c23f5a) 13241300x8000000000000000223389Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:31:23.427{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c19-0xa286a75a) 13241300x8000000000000000223388Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:31:23.427{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000223387Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:31:23.427{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0a124a9a) 13241300x8000000000000000223386Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:31:23.427{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d73c08-0xdefdd75a) 13241300x8000000000000000223385Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:31:23.427{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d73c11-0x40c23f5a) 13241300x8000000000000000223384Microsoft-Windows-Sysmon/Operationalproject-london-host-SetValue2021-04-28 09:31:23.427{4C77B871-9761-6086-0B00-00000000BB01}588C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d73c19-0xa286a75a) 354300x8000000000000000187242Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:19.422{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-49191-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187243Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:21.743{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-4880-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187244Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:23.933{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-20797-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187245Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:26.077{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-34421-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187246Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:28.047{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-48995-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187247Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:30.180{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-5026-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223394Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:31:31.862{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in4210-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187248Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:31.455{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in23236-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187249Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:32.210{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-19278-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187250Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:34.029{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-33485-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223395Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:31:35.332{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk4185-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187251Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:35.906{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-47457-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187252Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:37.816{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-2421-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187253Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:39.947{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-16729-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187254Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:41.788{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-30865-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187255Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:43.679{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-44914-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000187256Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:45.494{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse91.220.163.140-59023-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223396Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:31:49.740{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk4605-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000187257Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:31:59.530{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in58654-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223397Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:31:59.974{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in11631-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000223398Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:32:07.541{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk5652-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 13241300x8000000000000000187260Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:32:16.295{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\BD98497A-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_BD98497A-0000-0000-0000-100000000000.XML 13241300x8000000000000000187259Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:32:16.295{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Config SourceDWORD (0x00000001) 13241300x8000000000000000187258Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:32:16.295{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\4FA15643-EFBD-40F1-AD20-B67AEE8B2612\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_4FA15643-EFBD-40F1-AD20-B67AEE8B2612.XML 10341000x8000000000000000223401Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:32:25.431{4C77B871-9762-6086-0C00-00000000BB01}6883148C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223400Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:32:25.431{4C77B871-9762-6086-0C00-00000000BB01}6883148C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000223399Microsoft-Windows-Sysmon/Operationalproject-london-host-2021-04-28 09:32:25.431{4C77B871-9762-6086-0C00-00000000BB01}6883148C:\Windows\system32\svchost.exe{4C77B871-9763-6086-1300-00000000BB01}316C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000187261Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.localRDP2021-04-28 09:32:27.633{E74F01E8-8FC0-6086-0F00-00000000BA01}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in51943-false10.0.1.14project-london-dc.iris.local3389ms-wbt-server 354300x8000000000000000223403Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:32:28.067{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse122.186.14.34nsg-corporate-34.14.186.122.airtel.in27487-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 354300x8000000000000000223402Microsoft-Windows-Sysmon/Operationalproject-london-hostRDP2021-04-28 09:32:28.066{4C77B871-9762-6086-1000-00000000BB01}888C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse82.102.13.66h82-102-13-66.host.redstation.co.uk6021-false10.0.1.15project-london-host.eu-west-2.compute.internal3389ms-wbt-server 10341000x8000000000000000187263Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:32:43.187{E74F01E8-8FC0-6086-1600-00000000BA01}11921836C:\Windows\system32\svchost.exe{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000187262Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-2021-04-28 09:32:43.187{E74F01E8-8FC0-6086-1600-00000000BA01}11921836C:\Windows\system32\svchost.exe{E74F01E8-8FCD-6086-2400-00000000BA01}2244C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000187275Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:32:43.999{E74F01E8-8FC0-6086-1200-00000000BA01}376C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{194ab7ba-0c23-434c-9b68-dc3b107f45d2}\DhcpConnForceBroadcastFlagDWORD (0x00000000) 13241300x8000000000000000187274Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:32:43.999{E74F01E8-8FC0-6086-1200-00000000BA01}376C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{194ab7ba-0c23-434c-9b68-dc3b107f45d2}\IsServerNapAwareDWORD (0x00000000) 13241300x8000000000000000187273Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:32:43.999{E74F01E8-8FC0-6086-1200-00000000BA01}376C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{194ab7ba-0c23-434c-9b68-dc3b107f45d2}\AddressTypeDWORD (0x00000000) 13241300x8000000000000000187272Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue2021-04-28 09:32:43.999{E74F01E8-8FC0-6086-1200-00000000BA01}376C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{194ab7ba-0c23-434c-9b68-dc3b107f45d2}\LeaseTerminatesTimeDWORD (0x608939cb) 13241300x8000000000000000187271Microsoft-Windows-Sysmon/Operationalproject-london-dc.iris.local-SetValue