host,"New_Process_Name",source,EventCode
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\taskhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\dllhost.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\w32tm.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\PING.EXE","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\w32tm.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\sdiagnhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\svchost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\taskhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\VSSVC.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchFilterHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchProtocolHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\mcbuilder.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\rundll32.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\lpremove.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\rundll32.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\sc.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchFilterHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchProtocolHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\svchost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\taskhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\Defrag.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\aitagent.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\rundll32.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\taskhost.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\dllhost.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchFilterHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchProtocolHost.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchFilterHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchProtocolHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\dllhost.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchFilterHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchProtocolHost.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\PING.EXE","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\taskkill.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\cmd.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchProtocolHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\wscript.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files (x86)\Internet Explorer\iexplore.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\notepad.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files (x86)\Internet Explorer\iexplore.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files (x86)\Internet Explorer\iexplore.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchFilterHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchProtocolHost.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchFilterHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchProtocolHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\dllhost.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\explorer.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\taskhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchFilterHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchProtocolHost.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchFilterHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchProtocolHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchFilterHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchProtocolHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\dllhost.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\dllhost.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\dllhost.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchFilterHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchProtocolHost.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\audiodg.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\rundll32.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\DeviceDisplayObjectProvider.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\DeviceDisplayObjectProvider.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchFilterHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchProtocolHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files (x86)\Internet Explorer\iexplore.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files (x86)\Internet Explorer\iexplore.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\rundll32.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\explorer.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\audiodg.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\explorer.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\slui.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchFilterHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchProtocolHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\bcdedit.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\bcdedit.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\wbem\WMIC.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\svchost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\VSSVC.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\vssadmin.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\consent.exe","WinEventLog:Security",4688
we8105desk,"C:\Users\bob.smith.WAYNECORPINC\AppData\Roaming\{35ACA89F-933F-6A5D-2776-A3589FB99832}\osk.exe","WinEventLog:Security",4688
we8105desk,"C:\Users\bob.smith.WAYNECORPINC\AppData\Roaming\{35ACA89F-933F-6A5D-2776-A3589FB99832}\osk.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\QqJXZrBKCk72XzRgZs\AdapterTroubleshooter.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\consent.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\QqJXZrBKCk72XzRgZs\AdapterTroubleshooter.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\consent.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\consent.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\consent.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\explorer.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Users\bob.smith.WAYNECORPINC\AppData\Roaming\{35ACA89F-933F-6A5D-2776-A3589FB99832}\osk.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\PING.EXE","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\taskkill.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\cmd.exe","WinEventLog:Security",4688
we8105desk,"C:\Users\bob.smith.WAYNECORPINC\AppData\Roaming\{35ACA89F-933F-6A5D-2776-A3589FB99832}\osk.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Users\bob.smith.WAYNECORPINC\AppData\Roaming\121214.tmp","WinEventLog:Security",4688
we8105desk,"C:\Users\bob.smith.WAYNECORPINC\AppData\Roaming\121214.tmp","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\cmd.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\dllhost.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\explorer.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\splwow64.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\wscript.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\cmd.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\wbem\WMIADAP.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE","WinEventLog:Security",4688
we8105desk,"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\SysWOW64\dllhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\explorer.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\audiodg.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\dwm.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\LogonUI.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\winlogon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\csrss.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\smss.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\choice.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\cmd.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\dwm.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\LogonUI.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\winlogon.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\csrss.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\smss.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchFilterHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\tenable_mw_scan_142a90001fb65e0beb1751cc8c63edd0.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\sc.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\choice.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\cmd.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\schtasks.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\cmd.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\tenable_mw_scan_142a90001fb65e0beb1751cc8c63edd0.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\sc.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\netsh.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\cmd.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\netsh.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\cmd.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\schtasks.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\cmd.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\tasklist.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\cmd.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\svchost.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\cmd.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\netsh.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\cmd.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\netsh.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\cmd.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\svchost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\netsh.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\cmd.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\servicing\TrustedInstaller.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\NETSTAT.EXE","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchFilterHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\SearchProtocolHost.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\cmd.exe","WinEventLog:Security",4688
we8105desk,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\inetsrv\w3wp.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\tasklist.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\cmd.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\netsh.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\cmd.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_fa1dc1539b4180d8\TiWorker.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\servicing\TrustedInstaller.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\sppsvc.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\NETSTAT.EXE","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\conhost.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\cmd.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we9041srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Windows\System32\wbem\WmiPrvSE.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we9041srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we1149srv,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe","WinEventLog:Security",4688
we8105desk,"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe","WinEventLog:Security",4688