admingit
/
Deploiement_Server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '722ce731f3'
${ noResults }
Deploiement_Server/deployment-apps/Splunk_Security_Essentials/lookups/UC_wmi.csv

1.9 KiB
Raw Blame History

1_timehostImageCommandLineEventCode
22017-05-22T04:36:54.000+0000we8105deskwmic.exewmic.exe we1149srv /node: we1149srv /user user /password process call create c:\malware.exe1
32017-05-22T04:36:54.000+0000we8105deskcalc.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{1EF75F33-893B-4E8F-9655-C3D602BA4897}1
42017-05-22T04:36:54.000+0000we1149srvcalc.exeC:\Windows\system32\wbem\wmiprvse.exe -Embedding1
52017-05-22T04:36:54.000+0000we1149srvcalc.exeC:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding1
62017-05-22T04:36:54.000+0000we8105deskcalc.exeC:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding1
72017-05-22T04:36:54.000+0000we8105deskcalc.exe"C:\Windows\system32\w32tm.exe" /stripchart /computer:we9041srv.waynecorpinc.local /dataonly /samples:11
82017-05-22T04:36:54.000+0000we8105deskcalc.exe"C:\Windows\system32\PING.EXE" we9041srv.waynecorpinc.local /n 21
92017-05-22T04:36:54.000+0000we8105deskcalc.exe"C:\Windows\system32\w32tm.exe" /query /source1
102017-05-22T04:36:54.000+0000we8105deskcalc.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\BOBSMI~1.WAY\AppData\Local\Temp\RES958E.tmp" "c:\Users\bob.smith.WAYNECORPINC\AppData\Local\Temp\CSC958D.tmp"1
112017-05-22T04:36:54.000+0000we8105deskcalc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\bob.smith.WAYNECORPINC\AppData\Local\Temp\l62oeljq.cmdline"1
122017-05-22T04:36:54.000+0000we8105deskcalc.exeC:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding1
132017-05-22T04:36:54.000+0000we8105deskcalc.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\BOBSMI~1.WAY\AppData\Local\Temp\RES93AA.tmp" "c:\Users\bob.smith.WAYNECORPINC\AppData\Local\Temp\CSC93A9.tmp"1