| _time | host | EventCode | user | New_Process_ID | New_Process_Name |
|---|---|---|---|---|---|
| 2016-11-02T13:13:45.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0xef8 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe |
| 2016-11-02T12:54:47.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x1630 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-regmon.exe |
| 2016-11-02T12:11:47.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x1514 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-netmon.exe |
| 2016-11-01T23:51:57.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0xd34 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe |
| 2016-11-01T23:46:56.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0xbc4 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe |
| 2016-11-02T05:07:57.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0xe3c | C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe |
| 2016-11-01T21:52:58.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0xd28 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe |
| 2016-11-02T13:17:45.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x658 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe |
| 2016-11-02T12:22:56.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x104c | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe |
| 2016-11-02T00:00:06.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x1124 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-winprintmon.exe |
| 2016-11-02T08:32:45.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x13f8 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe |
| 2016-11-02T09:54:48.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x1004 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-netmon.exe |
| 2016-11-02T08:12:16.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0xc48 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-winprintmon.exe |
| 2016-11-02T11:33:44.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x1444 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe |
| 2016-11-02T12:18:57.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0xb18 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe |
| 2016-11-02T11:32:56.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0xb20 | C:\Windows\System32\cmd.exe |
| 2016-11-02T07:11:56.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0xe9c | C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe |
| 2016-11-02T05:27:44.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x9c0 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winhostinfo.exe |
| 2016-11-02T05:06:56.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0xed8 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe |
| 2016-11-02T12:59:09.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x104c | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-winprintmon.exe |
| 2016-11-02T13:09:19.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x11f8 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-regmon.exe |
| 2016-11-02T02:41:36.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x788 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-regmon.exe |
| 2016-11-02T01:11:37.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x2b4 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-regmon.exe |
| 2016-11-01T22:59:56.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0xa24 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe |
| 2016-11-01T20:31:46.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x1320 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe |
| 2016-11-02T03:52:57.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x1ad8 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe |
| 2016-11-02T01:41:56.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0xc98 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe |
| 2016-11-02T10:32:48.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x1760 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-regmon.exe |
| 2016-11-02T09:01:48.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x16c4 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-regmon.exe |
| 2016-11-02T10:24:16.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x1128 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-winprintmon.exe |
| 2016-11-02T08:46:48.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x17b8 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-netmon.exe |
| 2016-11-02T08:13:12.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0xe14 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-regmon.exe |
| 2016-11-02T06:14:56.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x1334 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe |
| 2016-11-01T21:01:56.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x96c | C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe |
| 2016-11-01T18:24:59.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x1a60 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-netmon.exe |
| 2016-11-02T06:44:35.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0xab4 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-regmon.exe |
| 2016-11-02T05:13:06.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x16e8 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-netmon.exe |
| 2016-11-01T16:57:06.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0xb5c | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-MonitorNoHandle.exe |
| 2016-11-02T06:08:57.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x1b1c | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-regmon.exe |
| 2016-11-02T04:12:06.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x1214 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-netmon.exe |
| 2016-11-02T04:09:46.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0xe5c | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-winhostinfo.exe |
| 2016-11-02T00:23:56.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0xa6c | C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe |
| 2016-11-02T00:16:56.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x19f0 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe |
| 2016-11-01T16:14:00.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x16ac | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-netmon.exe |
| 2016-11-01T19:29:47.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0xb68 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-winhostinfo.exe |
| 2016-11-02T03:30:06.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0xd68 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-MonitorNoHandle.exe |
| 2016-11-02T02:26:37.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0xd94 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-winprintmon.exe |
| 2016-11-02T01:18:00.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0xb58 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-winhostinfo.exe |
| 2016-11-02T11:24:11.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0xf4 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-winprintmon.exe |
| 2016-11-02T10:06:45.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x1750 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe |
| 2016-11-01T15:03:57.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0xad4 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe |
| 2016-11-02T07:44:44.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x1148 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe |
| 2016-11-01T19:37:58.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x1a40 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-regmon.exe |
| 2016-11-01T19:37:56.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0xb34 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winhostinfo.exe |
| 2016-11-01T18:14:56.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x1258 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe |
| 2016-11-01T16:37:59.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x394 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| 2016-11-01T16:37:59.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0xc91 | C:\Windows\System32\sc.exe |
| 2016-11-01T16:38:01.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x3de | C:\Windows\System32\net.exe |
| 2016-11-01T16:38:01.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0xfc1 | C:\Windows\System32\quser.exe |
| 2016-11-01T16:38:01.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x38a | C:\Windows\System32\tasklist.exe |
| 2016-11-01T16:38:02.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x83b | C:\Windows\System32\ipconfig.exe |
| 2016-11-01T16:37:00.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x35c | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-regmon.exe |
| 2016-11-01T16:21:36.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0xd4 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-MonitorNoHandle.exe |
| 2016-11-01T17:49:36.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x11b0 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-regmon.exe |
| 2016-11-01T16:51:00.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x1830 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-winprintmon.exe |
| 2016-11-02T05:35:35.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0xe6c | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-regmon.exe |
| 2016-11-01T19:05:36.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x848 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-netmon.exe |
| 2016-11-01T18:08:00.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x624 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-winhostinfo.exe |
| 2016-11-01T17:17:41.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x9cc | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-netmon.exe |
| 2016-11-01T14:50:57.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x1850 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe |
| 2016-11-01T13:30:57.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x994 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe |
| 2016-11-02T08:07:47.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0xb3c | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe |
| 2016-11-02T01:45:56.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0xa20 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe |
| 2016-11-02T01:43:56.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x16dc | C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe |
| 2016-11-01T23:55:44.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x12c4 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe |
| 2016-11-01T23:14:56.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x1368 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe |
| 2016-11-01T23:04:56.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x12c4 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe |
| 2016-11-01T18:30:06.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0xcb0 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-netmon.exe |
| 2016-11-01T17:35:05.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x1710 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-MonitorNoHandle.exe |
| 2016-11-01T17:20:33.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x16b4 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winhostinfo.exe |
| 2016-11-02T12:47:50.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x116c | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-winhostinfo.exe |
| 2016-11-02T10:57:58.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x13bc | C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe |
| 2016-11-02T07:29:46.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x6a8 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-winhostinfo.exe |
| 2016-11-01T23:38:45.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0xa20 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe |
| 2016-11-01T22:11:56.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0x404 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe |
| 2016-11-02T06:22:46.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x125c | C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe |
| 2016-11-02T03:57:45.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0xab0 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe |
| 2016-11-01T17:47:59.000-0700 | USEXCH-1 | 4688 | USEXCH-1$ | 0xf40 | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-winhostinfo.exe |
| 2016-11-01T15:05:06.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0xf8c | C:\Program Files\SplunkForwarderForSplunkInc\bin\splunk-netmon.exe |
| 2016-11-01T14:28:57.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x138 | C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe |
| 2016-11-01T14:16:12.000-0700 | USEXCH-2 | 4688 | USEXCH-2$ | 0x838 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |