DateTime,timestamp,EventID,ProcessName,User,ParentProcessName,RawLog 2021-12-07T21:33:14.919262+04:00,1638898394.919262,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," 4688 2 0 13312 0 0x8020000000000000 329925 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x24e0 C:\Windows\System32\svchost.exe %%1936 0x274 S-1-5-19 LOCAL SERVICE NT AUTHORITY 0x3e5 C:\Windows\System32\services.exe S-1-16-16384 " 2021-12-07T21:33:01.680326+04:00,1638898381.680326,4688,C:\Windows\System32\lsass.exe,IEUser,C:\Windows\System32\lsass.exe," 4688 2 0 13312 0 0x8020000000000000 329921 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 0x1494 C:\Windows\System32\lsass.exe %%1936 0x27c S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 C:\Windows\System32\lsass.exe S-1-16-16384 " 2021-12-07T21:33:01.680005+04:00,1638898381.680005,4688,C:\Windows\System32\conhost.exe,IEUser,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe," 4688 2 0 13312 0 0x8020000000000000 329920 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 0x11e4 C:\Windows\System32\conhost.exe %%1936 0x17b8 S-1-0-0 - - 0x0 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe S-1-16-12288 " 2021-12-07T21:33:01.636384+04:00,1638898381.636384,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,MSEDGEWIN10$,C:\Windows\System32\lsass.exe," 4688 2 0 13312 0 0x8020000000000000 329919 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x17b8 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe %%1936 0x27c S-1-0-0 IEUser MSEDGEWIN10 0x16e3db3 C:\Windows\System32\lsass.exe S-1-16-12288 " 2021-12-07T21:33:01.474816+04:00,1638898381.474816,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," 4688 2 0 13312 0 0x8020000000000000 329916 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x1bc4 C:\Windows\System32\svchost.exe %%1936 0x274 S-1-0-0 - - 0x0 C:\Windows\System32\services.exe S-1-16-16384 " 2021-12-07T21:33:01.409312+04:00,1638898381.409312,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,IEUser,C:\Windows\System32\cmd.exe," 4688 2 0 13312 0 0x8020000000000000 329914 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x53ca2 0x21a4 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe %%1937 0x2480 S-1-0-0 - - 0x0 C:\Windows\System32\cmd.exe S-1-16-12288 " 2021-12-07T21:33:14.919262+04:00,1638898394.919262,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," 4688 2 0 13312 0 0x8020000000000000 329925 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x24e0 C:\Windows\System32\svchost.exe %%1936 0x274 S-1-5-19 LOCAL SERVICE NT AUTHORITY 0x3e5 C:\Windows\System32\services.exe S-1-16-16384 " 2021-12-07T21:33:01.680326+04:00,1638898381.680326,4688,C:\Windows\System32\lsass.exe,IEUser,C:\Windows\System32\lsass.exe," 4688 2 0 13312 0 0x8020000000000000 329921 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 0x1494 C:\Windows\System32\lsass.exe %%1936 0x27c S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 C:\Windows\System32\lsass.exe S-1-16-16384 " 2021-12-07T21:33:01.680005+04:00,1638898381.680005,4688,C:\Windows\System32\conhost.exe,IEUser,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe," 4688 2 0 13312 0 0x8020000000000000 329920 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 0x11e4 C:\Windows\System32\conhost.exe %%1936 0x17b8 S-1-0-0 - - 0x0 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe S-1-16-12288 " 2021-12-07T21:33:01.636384+04:00,1638898381.636384,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,MSEDGEWIN10$,C:\Windows\System32\lsass.exe," 4688 2 0 13312 0 0x8020000000000000 329919 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x17b8 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe %%1936 0x27c S-1-0-0 IEUser MSEDGEWIN10 0x16e3db3 C:\Windows\System32\lsass.exe S-1-16-12288 " 2021-12-07T21:33:01.474816+04:00,1638898381.474816,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," 4688 2 0 13312 0 0x8020000000000000 329916 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x1bc4 C:\Windows\System32\svchost.exe %%1936 0x274 S-1-0-0 - - 0x0 C:\Windows\System32\services.exe S-1-16-16384 " 2021-12-07T21:33:01.409312+04:00,1638898381.409312,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,IEUser,C:\Windows\System32\cmd.exe," 4688 2 0 13312 0 0x8020000000000000 329914 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x53ca2 0x21a4 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe %%1937 0x2480 S-1-0-0 - - 0x0 C:\Windows\System32\cmd.exe S-1-16-12288 " 2021-12-07T21:33:14.919262+04:00,1638898394.919262,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," 4688 2 0 13312 0 0x8020000000000000 329925 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x24e0 C:\Windows\System32\svchost.exe %%1936 0x274 S-1-5-19 LOCAL SERVICE NT AUTHORITY 0x3e5 C:\Windows\System32\services.exe S-1-16-16384 " 2021-12-07T21:33:01.680326+04:00,1638898381.680326,4688,C:\Windows\System32\lsass.exe,IEUser,C:\Windows\System32\lsass.exe," 4688 2 0 13312 0 0x8020000000000000 329921 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 0x1494 C:\Windows\System32\lsass.exe %%1936 0x27c S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 C:\Windows\System32\lsass.exe S-1-16-16384 " 2021-12-07T21:33:01.680005+04:00,1638898381.680005,4688,C:\Windows\System32\conhost.exe,IEUser,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe," 4688 2 0 13312 0 0x8020000000000000 329920 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 0x11e4 C:\Windows\System32\conhost.exe %%1936 0x17b8 S-1-0-0 - - 0x0 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe S-1-16-12288 " 2021-12-07T21:33:01.636384+04:00,1638898381.636384,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,MSEDGEWIN10$,C:\Windows\System32\lsass.exe," 4688 2 0 13312 0 0x8020000000000000 329919 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x17b8 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe %%1936 0x27c S-1-0-0 IEUser MSEDGEWIN10 0x16e3db3 C:\Windows\System32\lsass.exe S-1-16-12288 " 2021-12-07T21:33:01.474816+04:00,1638898381.474816,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," 4688 2 0 13312 0 0x8020000000000000 329916 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x1bc4 C:\Windows\System32\svchost.exe %%1936 0x274 S-1-0-0 - - 0x0 C:\Windows\System32\services.exe S-1-16-16384 " 2021-12-07T21:33:01.409312+04:00,1638898381.409312,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,IEUser,C:\Windows\System32\cmd.exe," 4688 2 0 13312 0 0x8020000000000000 329914 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x53ca2 0x21a4 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe %%1937 0x2480 S-1-0-0 - - 0x0 C:\Windows\System32\cmd.exe S-1-16-12288 " 2021-12-07T21:33:14.919262+04:00,1638898394.919262,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," 4688 2 0 13312 0 0x8020000000000000 329925 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x24e0 C:\Windows\System32\svchost.exe %%1936 0x274 S-1-5-19 LOCAL SERVICE NT AUTHORITY 0x3e5 C:\Windows\System32\services.exe S-1-16-16384 " 2021-12-07T21:33:01.680326+04:00,1638898381.680326,4688,C:\Windows\System32\lsass.exe,IEUser,C:\Windows\System32\lsass.exe," 4688 2 0 13312 0 0x8020000000000000 329921 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 0x1494 C:\Windows\System32\lsass.exe %%1936 0x27c S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 C:\Windows\System32\lsass.exe S-1-16-16384 " 2021-12-07T21:33:01.680005+04:00,1638898381.680005,4688,C:\Windows\System32\conhost.exe,IEUser,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe," 4688 2 0 13312 0 0x8020000000000000 329920 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 0x11e4 C:\Windows\System32\conhost.exe %%1936 0x17b8 S-1-0-0 - - 0x0 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe S-1-16-12288 " 2021-12-07T21:33:01.636384+04:00,1638898381.636384,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,MSEDGEWIN10$,C:\Windows\System32\lsass.exe," 4688 2 0 13312 0 0x8020000000000000 329919 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x17b8 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe %%1936 0x27c S-1-0-0 IEUser MSEDGEWIN10 0x16e3db3 C:\Windows\System32\lsass.exe S-1-16-12288 " 2021-12-07T21:33:01.474816+04:00,1638898381.474816,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," 4688 2 0 13312 0 0x8020000000000000 329916 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x1bc4 C:\Windows\System32\svchost.exe %%1936 0x274 S-1-0-0 - - 0x0 C:\Windows\System32\services.exe S-1-16-16384 " 2021-12-07T21:33:01.409312+04:00,1638898381.409312,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,IEUser,C:\Windows\System32\cmd.exe," 4688 2 0 13312 0 0x8020000000000000 329914 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x53ca2 0x21a4 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe %%1937 0x2480 S-1-0-0 - - 0x0 C:\Windows\System32\cmd.exe S-1-16-12288 " 2021-12-07T21:33:14.919262+04:00,1638898394.919262,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," 4688 2 0 13312 0 0x8020000000000000 329925 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x24e0 C:\Windows\System32\svchost.exe %%1936 0x274 S-1-5-19 LOCAL SERVICE NT AUTHORITY 0x3e5 C:\Windows\System32\services.exe S-1-16-16384 " 2021-12-07T21:33:01.680326+04:00,1638898381.680326,4688,C:\Windows\System32\lsass.exe,IEUser,C:\Windows\System32\lsass.exe," 4688 2 0 13312 0 0x8020000000000000 329921 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 0x1494 C:\Windows\System32\lsass.exe %%1936 0x27c S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 C:\Windows\System32\lsass.exe S-1-16-16384 " 2021-12-07T21:33:01.680005+04:00,1638898381.680005,4688,C:\Windows\System32\conhost.exe,IEUser,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe," 4688 2 0 13312 0 0x8020000000000000 329920 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 0x11e4 C:\Windows\System32\conhost.exe %%1936 0x17b8 S-1-0-0 - - 0x0 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe S-1-16-12288 " 2021-12-07T21:33:01.636384+04:00,1638898381.636384,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,MSEDGEWIN10$,C:\Windows\System32\lsass.exe," 4688 2 0 13312 0 0x8020000000000000 329919 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x17b8 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe %%1936 0x27c S-1-0-0 IEUser MSEDGEWIN10 0x16e3db3 C:\Windows\System32\lsass.exe S-1-16-12288 " 2021-12-07T21:33:01.474816+04:00,1638898381.474816,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," 4688 2 0 13312 0 0x8020000000000000 329916 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x1bc4 C:\Windows\System32\svchost.exe %%1936 0x274 S-1-0-0 - - 0x0 C:\Windows\System32\services.exe S-1-16-16384 " 2021-12-07T21:33:01.409312+04:00,1638898381.409312,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,IEUser,C:\Windows\System32\cmd.exe," 4688 2 0 13312 0 0x8020000000000000 329914 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x53ca2 0x21a4 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe %%1937 0x2480 S-1-0-0 - - 0x0 C:\Windows\System32\cmd.exe S-1-16-12288 " 2021-12-07T21:33:14.919262+04:00,1638898394.919262,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," 4688 2 0 13312 0 0x8020000000000000 329925 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x24e0 C:\Windows\System32\svchost.exe %%1936 0x274 S-1-5-19 LOCAL SERVICE NT AUTHORITY 0x3e5 C:\Windows\System32\services.exe S-1-16-16384 " 2021-12-07T21:33:01.680326+04:00,1638898381.680326,4688,C:\Windows\System32\lsass.exe,IEUser,C:\Windows\System32\lsass.exe," 4688 2 0 13312 0 0x8020000000000000 329921 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 0x1494 C:\Windows\System32\lsass.exe %%1936 0x27c S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 C:\Windows\System32\lsass.exe S-1-16-16384 " 2021-12-07T21:33:01.680005+04:00,1638898381.680005,4688,C:\Windows\System32\conhost.exe,IEUser,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe," 4688 2 0 13312 0 0x8020000000000000 329920 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 0x11e4 C:\Windows\System32\conhost.exe %%1936 0x17b8 S-1-0-0 - - 0x0 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe S-1-16-12288 " 2021-12-07T21:33:01.636384+04:00,1638898381.636384,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,MSEDGEWIN10$,C:\Windows\System32\lsass.exe," 4688 2 0 13312 0 0x8020000000000000 329919 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x17b8 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe %%1936 0x27c S-1-0-0 IEUser MSEDGEWIN10 0x16e3db3 C:\Windows\System32\lsass.exe S-1-16-12288 " 2021-12-07T21:33:01.474816+04:00,1638898381.474816,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," 4688 2 0 13312 0 0x8020000000000000 329916 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x1bc4 C:\Windows\System32\svchost.exe %%1936 0x274 S-1-0-0 - - 0x0 C:\Windows\System32\services.exe S-1-16-16384 " 2021-12-07T21:33:01.409312+04:00,1638898381.409312,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,IEUser,C:\Windows\System32\cmd.exe," 4688 2 0 13312 0 0x8020000000000000 329914 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x53ca2 0x21a4 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe %%1937 0x2480 S-1-0-0 - - 0x0 C:\Windows\System32\cmd.exe S-1-16-12288 " 2021-12-07T21:33:14.919262+04:00,1638898394.919262,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," 4688 2 0 13312 0 0x8020000000000000 329925 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x24e0 C:\Windows\System32\svchost.exe %%1936 0x274 S-1-5-19 LOCAL SERVICE NT AUTHORITY 0x3e5 C:\Windows\System32\services.exe S-1-16-16384 " 2021-12-07T21:33:01.680326+04:00,1638898381.680326,4688,C:\Windows\System32\lsass.exe,IEUser,C:\Windows\System32\lsass.exe," 4688 2 0 13312 0 0x8020000000000000 329921 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 0x1494 C:\Windows\System32\lsass.exe %%1936 0x27c S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 C:\Windows\System32\lsass.exe S-1-16-16384 " 2021-12-07T21:33:01.680005+04:00,1638898381.680005,4688,C:\Windows\System32\conhost.exe,IEUser,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe," 4688 2 0 13312 0 0x8020000000000000 329920 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 0x11e4 C:\Windows\System32\conhost.exe %%1936 0x17b8 S-1-0-0 - - 0x0 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe S-1-16-12288 " 2021-12-07T21:33:01.636384+04:00,1638898381.636384,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,MSEDGEWIN10$,C:\Windows\System32\lsass.exe," 4688 2 0 13312 0 0x8020000000000000 329919 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x17b8 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe %%1936 0x27c S-1-0-0 IEUser MSEDGEWIN10 0x16e3db3 C:\Windows\System32\lsass.exe S-1-16-12288 " 2021-12-07T21:33:01.474816+04:00,1638898381.474816,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," 4688 2 0 13312 0 0x8020000000000000 329916 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x1bc4 C:\Windows\System32\svchost.exe %%1936 0x274 S-1-0-0 - - 0x0 C:\Windows\System32\services.exe S-1-16-16384 " 2021-12-07T21:33:01.409312+04:00,1638898381.409312,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,IEUser,C:\Windows\System32\cmd.exe," 4688 2 0 13312 0 0x8020000000000000 329914 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x53ca2 0x21a4 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe %%1937 0x2480 S-1-0-0 - - 0x0 C:\Windows\System32\cmd.exe S-1-16-12288 " 2022-05-01T08:42:06.656542+04:00,1651380126.656542,4688,C:\Windows\System32\notepad.exe,WIND10$,C:\Windows\System32\wbem\WmiPrvSE.exe," 4688 2 0 13312 0 0x8020000000000000 21374 Security wind10.winlab.local S-1-5-20 WIND10$ WINLAB 0x3e4 0x1dc C:\Windows\System32\notepad.exe %%1936 0xe8c S-1-0-0 Administrator WINLAB.LOCAL 0x82215a C:\Windows\System32\wbem\WmiPrvSE.exe S-1-16-12288 " 2021-12-07T21:33:14.919262+04:00,1638898394.919262,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," 4688 2 0 13312 0 0x8020000000000000 329925 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x24e0 C:\Windows\System32\svchost.exe %%1936 0x274 S-1-5-19 LOCAL SERVICE NT AUTHORITY 0x3e5 C:\Windows\System32\services.exe S-1-16-16384 " 2021-12-07T21:33:01.680326+04:00,1638898381.680326,4688,C:\Windows\System32\lsass.exe,IEUser,C:\Windows\System32\lsass.exe," 4688 2 0 13312 0 0x8020000000000000 329921 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 0x1494 C:\Windows\System32\lsass.exe %%1936 0x27c S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 C:\Windows\System32\lsass.exe S-1-16-16384 " 2021-12-07T21:33:01.680005+04:00,1638898381.680005,4688,C:\Windows\System32\conhost.exe,IEUser,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe," 4688 2 0 13312 0 0x8020000000000000 329920 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 0x11e4 C:\Windows\System32\conhost.exe %%1936 0x17b8 S-1-0-0 - - 0x0 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe S-1-16-12288 " 2021-12-07T21:33:01.636384+04:00,1638898381.636384,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,MSEDGEWIN10$,C:\Windows\System32\lsass.exe," 4688 2 0 13312 0 0x8020000000000000 329919 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x17b8 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe %%1936 0x27c S-1-0-0 IEUser MSEDGEWIN10 0x16e3db3 C:\Windows\System32\lsass.exe S-1-16-12288 " 2021-12-07T21:33:01.474816+04:00,1638898381.474816,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," 4688 2 0 13312 0 0x8020000000000000 329916 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x1bc4 C:\Windows\System32\svchost.exe %%1936 0x274 S-1-0-0 - - 0x0 C:\Windows\System32\services.exe S-1-16-16384 " 2021-12-07T21:33:01.409312+04:00,1638898381.409312,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,IEUser,C:\Windows\System32\cmd.exe," 4688 2 0 13312 0 0x8020000000000000 329914 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x53ca2 0x21a4 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe %%1937 0x2480 S-1-0-0 - - 0x0 C:\Windows\System32\cmd.exe S-1-16-12288 " 2022-05-01T08:42:06.656542+04:00,1651380126.656542,4688,C:\Windows\System32\notepad.exe,WIND10$,C:\Windows\System32\wbem\WmiPrvSE.exe," 4688 2 0 13312 0 0x8020000000000000 21374 Security wind10.winlab.local S-1-5-20 WIND10$ WINLAB 0x3e4 0x1dc C:\Windows\System32\notepad.exe %%1936 0xe8c S-1-0-0 Administrator WINLAB.LOCAL 0x82215a C:\Windows\System32\wbem\WmiPrvSE.exe S-1-16-12288 " 2021-12-07T21:33:14.919262+04:00,1638898394.919262,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," 4688 2 0 13312 0 0x8020000000000000 329925 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x24e0 C:\Windows\System32\svchost.exe %%1936 0x274 S-1-5-19 LOCAL SERVICE NT AUTHORITY 0x3e5 C:\Windows\System32\services.exe S-1-16-16384 " 2021-12-07T21:33:01.680326+04:00,1638898381.680326,4688,C:\Windows\System32\lsass.exe,IEUser,C:\Windows\System32\lsass.exe," 4688 2 0 13312 0 0x8020000000000000 329921 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 0x1494 C:\Windows\System32\lsass.exe %%1936 0x27c S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 C:\Windows\System32\lsass.exe S-1-16-16384 " 2021-12-07T21:33:01.680005+04:00,1638898381.680005,4688,C:\Windows\System32\conhost.exe,IEUser,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe," 4688 2 0 13312 0 0x8020000000000000 329920 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 0x11e4 C:\Windows\System32\conhost.exe %%1936 0x17b8 S-1-0-0 - - 0x0 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe S-1-16-12288 " 2021-12-07T21:33:01.636384+04:00,1638898381.636384,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,MSEDGEWIN10$,C:\Windows\System32\lsass.exe," 4688 2 0 13312 0 0x8020000000000000 329919 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x17b8 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe %%1936 0x27c S-1-0-0 IEUser MSEDGEWIN10 0x16e3db3 C:\Windows\System32\lsass.exe S-1-16-12288 " 2021-12-07T21:33:01.474816+04:00,1638898381.474816,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," 4688 2 0 13312 0 0x8020000000000000 329916 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x1bc4 C:\Windows\System32\svchost.exe %%1936 0x274 S-1-0-0 - - 0x0 C:\Windows\System32\services.exe S-1-16-16384 " 2021-12-07T21:33:01.409312+04:00,1638898381.409312,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,IEUser,C:\Windows\System32\cmd.exe," 4688 2 0 13312 0 0x8020000000000000 329914 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x53ca2 0x21a4 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe %%1937 0x2480 S-1-0-0 - - 0x0 C:\Windows\System32\cmd.exe S-1-16-12288 " 2022-05-01T08:42:06.656542+04:00,1651380126.656542,4688,C:\Windows\System32\notepad.exe,WIND10$,C:\Windows\System32\wbem\WmiPrvSE.exe," 4688 2 0 13312 0 0x8020000000000000 21374 Security wind10.winlab.local S-1-5-20 WIND10$ WINLAB 0x3e4 0x1dc C:\Windows\System32\notepad.exe %%1936 0xe8c S-1-0-0 Administrator WINLAB.LOCAL 0x82215a C:\Windows\System32\wbem\WmiPrvSE.exe S-1-16-12288 " 1601-01-01T04:00:00+04:00,-11644473600.0,4688,C:\Windows\System32\conhost.exe,IEWIN7$,None," 4688 1 0 13312 0 0x8020000000000000 18208 Security IEWIN7 S-1-5-18 IEWIN7$ WORKGROUP 0x3e7 0x8dc C:\Windows\System32\conhost.exe %%1936 0x188 " 2019-05-11T21:10:10.904945+04:00,1557594610.904945,4688,C:\Windows\System32\cmd.exe,IEWIN7$,None," 4688 1 0 13312 0 0x8020000000000000 18207 Security IEWIN7 S-1-5-18 IEWIN7$ WORKGROUP 0x3e7 0xc74 C:\Windows\System32\cmd.exe %%1936 0x4f0 " 2019-05-11T21:10:10.889320+04:00,1557594610.88932,4688,C:\Windows\System32\wusa.exe,IEWIN7$,None," 4688 1 0 13312 0 0x8020000000000000 18205 Security IEWIN7 S-1-5-18 IEWIN7$ WORKGROUP 0x3e7 0x5b0 C:\Windows\System32\wusa.exe %%1937 0x4f0 " 2019-05-11T21:10:10.826820+04:00,1557594610.82682,4688,C:\Windows\System32\dllhost.exe,IEWIN7$,None," 4688 1 0 13312 0 0x8020000000000000 18204 Security IEWIN7 S-1-5-18 IEWIN7$ WORKGROUP 0x3e7 0x27c C:\Windows\System32\dllhost.exe %%1936 0x258 " 2019-05-11T21:10:10.795570+04:00,1557594610.79557,4688,C:\Windows\System32\dllhost.exe,IEWIN7$,None," 4688 1 0 13312 0 0x8020000000000000 18201 Security IEWIN7 S-1-5-18 IEWIN7$ WORKGROUP 0x3e7 0xec8 C:\Windows\System32\dllhost.exe %%1936 0x258 " 2019-05-11T21:10:10.654945+04:00,1557594610.654945,4688,C:\Windows\System32\consent.exe,IEWIN7$,None," 4688 1 0 13312 0 0x8020000000000000 18198 Security IEWIN7 S-1-5-18 IEWIN7$ WORKGROUP 0x3e7 0x7f0 C:\Windows\System32\consent.exe %%1936 0x3c8 " 2019-05-11T21:10:10.623695+04:00,1557594610.623695,4688,C:\Windows\System32\wusa.exe,IEUser,None," 4688 1 0 13312 0 0x8020000000000000 18197 Security IEWIN7 S-1-5-21-3583694148-1414552638-2922671848-1000 IEUser IEWIN7 0x13765 0x628 C:\Windows\System32\wusa.exe %%1938 0x4f0 " 2019-05-11T21:10:10.608070+04:00,1557594610.60807,4688,C:\Python27\python.exe,IEUser,None," 4688 1 0 13312 0 0x8020000000000000 18196 Security IEWIN7 S-1-5-21-3583694148-1414552638-2922671848-1000 IEUser IEWIN7 0x13765 0x4f0 C:\Python27\python.exe %%1938 0x12c " 2019-03-18T15:06:46.345209+04:00,1552907206.345209,4688,C:\Windows\System32\dllhost.exe,PC01$,None," 4688 1 0 13312 0 0x8020000000000000 433078 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 0xf6c C:\Windows\System32\dllhost.exe %%1936 0x278 " 2019-03-18T15:06:42.139161+04:00,1552907202.139161,4688,C:\Windows\System32\conhost.exe,PC01$,None," 4688 1 0 13312 0 0x8020000000000000 432906 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 0x370 C:\Windows\System32\conhost.exe %%1936 0x764 " 2019-03-18T15:06:42.139161+04:00,1552907202.139161,4688,C:\Windows\System32\cmd.exe,PC01$,None," 4688 1 0 13312 0 0x8020000000000000 432905 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 0x440 C:\Windows\System32\cmd.exe %%1936 0x448 " 2019-03-19T02:16:09.458302+04:00,1552947369.458302,4688,C:\Windows\System32\calc.exe,WIN-77LTAPHIQ1R$,None," 4688 1 0 13312 0 0x8020000000000000 563299 Security WIN-77LTAPHIQ1R.example.corp S-1-5-20 WIN-77LTAPHIQ1R$ EXAMPLE 0x3e4 0x424 C:\Windows\System32\calc.exe %%1936 0xae8 " 2019-03-19T02:15:49.692401+04:00,1552947349.692401,4688,C:\Windows\System32\wbem\WmiPrvSE.exe,WIN-77LTAPHIQ1R$,None," 4688 1 0 13312 0 0x8020000000000000 563298 Security WIN-77LTAPHIQ1R.example.corp S-1-5-18 WIN-77LTAPHIQ1R$ EXAMPLE 0x3e7 0xae8 C:\Windows\System32\wbem\WmiPrvSE.exe %%1936 0x248 " 2019-03-19T04:02:07.445773+04:00,1552953727.445773,4688,C:\Windows\System32\wbem\WmiPrvSE.exe,WIN-77LTAPHIQ1R$,None," 4688 1 0 13312 0 0x8020000000000000 566844 Security WIN-77LTAPHIQ1R.example.corp S-1-5-18 WIN-77LTAPHIQ1R$ EXAMPLE 0x3e7 0x3b4 C:\Windows\System32\wbem\WmiPrvSE.exe %%1936 0x248 " 2019-03-19T04:02:04.367441+04:00,1552953724.367441,4688,C:\Windows\System32\tasklist.exe,WIN-77LTAPHIQ1R$,None," 4688 1 0 13312 0 0x8020000000000000 566839 Security WIN-77LTAPHIQ1R.example.corp S-1-5-18 WIN-77LTAPHIQ1R$ EXAMPLE 0x3e7 0x970 C:\Windows\System32\tasklist.exe %%1936 0xbcc " 2019-03-19T04:02:04.351252+04:00,1552953724.351252,4688,C:\Windows\System32\conhost.exe,WIN-77LTAPHIQ1R$,None," 4688 1 0 13312 0 0x8020000000000000 566838 Security WIN-77LTAPHIQ1R.example.corp S-1-5-18 WIN-77LTAPHIQ1R$ EXAMPLE 0x3e7 0xebc C:\Windows\System32\conhost.exe %%1936 0xbcc " 2019-03-19T04:02:04.335561+04:00,1552953724.335561,4688,C:\Windows\System32\cmd.exe,WIN-77LTAPHIQ1R$,None," 4688 1 0 13312 0 0x8020000000000000 566837 Security WIN-77LTAPHIQ1R.example.corp S-1-5-18 WIN-77LTAPHIQ1R$ EXAMPLE 0x3e7 0xbcc C:\Windows\System32\cmd.exe %%1936 0x33c " 1601-01-01T04:00:00+04:00,-11644473600.0,4688,C:\Windows\System32\conhost.exe,IEWIN7$,None," 4688 1 0 13312 0 0x8020000000000000 18208 Security IEWIN7 S-1-5-18 IEWIN7$ WORKGROUP 0x3e7 0x8dc C:\Windows\System32\conhost.exe %%1936 0x188 " 2019-05-11T21:10:10.904945+04:00,1557594610.904945,4688,C:\Windows\System32\cmd.exe,IEWIN7$,None," 4688 1 0 13312 0 0x8020000000000000 18207 Security IEWIN7 S-1-5-18 IEWIN7$ WORKGROUP 0x3e7 0xc74 C:\Windows\System32\cmd.exe %%1936 0x4f0 " 2019-05-11T21:10:10.889320+04:00,1557594610.88932,4688,C:\Windows\System32\wusa.exe,IEWIN7$,None," 4688 1 0 13312 0 0x8020000000000000 18205 Security IEWIN7 S-1-5-18 IEWIN7$ WORKGROUP 0x3e7 0x5b0 C:\Windows\System32\wusa.exe %%1937 0x4f0 " 2019-05-11T21:10:10.826820+04:00,1557594610.82682,4688,C:\Windows\System32\dllhost.exe,IEWIN7$,None," 4688 1 0 13312 0 0x8020000000000000 18204 Security IEWIN7 S-1-5-18 IEWIN7$ WORKGROUP 0x3e7 0x27c C:\Windows\System32\dllhost.exe %%1936 0x258 " 2019-05-11T21:10:10.795570+04:00,1557594610.79557,4688,C:\Windows\System32\dllhost.exe,IEWIN7$,None," 4688 1 0 13312 0 0x8020000000000000 18201 Security IEWIN7 S-1-5-18 IEWIN7$ WORKGROUP 0x3e7 0xec8 C:\Windows\System32\dllhost.exe %%1936 0x258 " 2019-05-11T21:10:10.654945+04:00,1557594610.654945,4688,C:\Windows\System32\consent.exe,IEWIN7$,None," 4688 1 0 13312 0 0x8020000000000000 18198 Security IEWIN7 S-1-5-18 IEWIN7$ WORKGROUP 0x3e7 0x7f0 C:\Windows\System32\consent.exe %%1936 0x3c8 " 2019-05-11T21:10:10.623695+04:00,1557594610.623695,4688,C:\Windows\System32\wusa.exe,IEUser,None," 4688 1 0 13312 0 0x8020000000000000 18197 Security IEWIN7 S-1-5-21-3583694148-1414552638-2922671848-1000 IEUser IEWIN7 0x13765 0x628 C:\Windows\System32\wusa.exe %%1938 0x4f0 " 2019-05-11T21:10:10.608070+04:00,1557594610.60807,4688,C:\Python27\python.exe,IEUser,None," 4688 1 0 13312 0 0x8020000000000000 18196 Security IEWIN7 S-1-5-21-3583694148-1414552638-2922671848-1000 IEUser IEWIN7 0x13765 0x4f0 C:\Python27\python.exe %%1938 0x12c " 2019-03-18T15:27:05.455663+04:00,1552908425.455663,4688,C:\Windows\System32\wbem\WMIC.exe,user01,None," 4688 1 0 13312 0 0x8020000000000000 433308 Security PC01.example.corp S-1-5-21-1587066498-1489273250-1035260531-1106 user01 EXAMPLE 0x18a7875 0x44c C:\Windows\System32\wbem\WMIC.exe %%1936 0x86c " 2019-02-13T22:05:06.665634+04:00,1550081106.665634,4688,C:\Windows\System32\AtBroker.exe,PC01$,None," 4688 1 0 13312 0 0x8020000000000000 227784 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 0x7f0 C:\Windows\System32\AtBroker.exe %%1936 0xdec " 2019-02-13T22:05:06.585519+04:00,1550081106.585519,4688,C:\Windows\System32\rdpclip.exe,PC01$,None," 4688 1 0 13312 0 0x8020000000000000 227783 Security PC01.example.corp S-1-5-20 PC01$ EXAMPLE 0x3e4 0xa1c C:\Windows\System32\rdpclip.exe %%1936 0x500 " 2019-02-13T22:05:05.453892+04:00,1550081105.453892,4688,C:\Windows\System32\TSTheme.exe,PC01$,None," 4688 1 0 13312 0 0x8020000000000000 227776 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 0x9fc C:\Windows\System32\TSTheme.exe %%1936 0x278 " 2019-02-13T22:05:05.253604+04:00,1550081105.253604,4688,C:\Windows\System32\LogonUI.exe,PC01$,None," 4688 1 0 13312 0 0x8020000000000000 227775 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 0xce0 C:\Windows\System32\LogonUI.exe %%1936 0x768 " 2019-02-13T22:05:05.123416+04:00,1550081105.123416,4688,C:\Windows\System32\winlogon.exe,PC01$,None," 4688 1 0 13312 0 0x8020000000000000 227774 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 0x768 C:\Windows\System32\winlogon.exe %%1936 0x62c " 2019-02-13T22:05:04.873056+04:00,1550081104.873056,4688,C:\Windows\System32\csrss.exe,PC01$,None," 4688 1 0 13312 0 0x8020000000000000 227773 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 0xadc C:\Windows\System32\csrss.exe %%1936 0x62c " 2019-02-13T22:05:04.802956+04:00,1550081104.802956,4688,C:\Windows\System32\smss.exe,PC01$,None," 4688 1 0 13312 0 0x8020000000000000 227772 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 0x62c C:\Windows\System32\smss.exe %%1936 0x124 " 2019-02-13T22:05:01.037541+04:00,1550081101.037541,4688,C:\Windows\System32\rundll32.exe,PC01$,None," 4688 1 0 13312 0 0x8020000000000000 227769 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 0x410 C:\Windows\System32\rundll32.exe %%1936 0x278 " 2019-02-13T22:04:57.862976+04:00,1550081097.862976,4688,C:\Windows\System32\LogonUI.exe,PC01$,None," 4688 1 0 13312 0 0x8020000000000000 227751 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 0xc70 C:\Windows\System32\LogonUI.exe %%1936 0x4b8 " 2019-02-13T22:04:57.672703+04:00,1550081097.672703,4688,C:\Windows\System32\winlogon.exe,PC01$,None," 4688 1 0 13312 0 0x8020000000000000 227750 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 0x4b8 C:\Windows\System32\winlogon.exe %%1936 0x38c " 2019-02-13T22:04:57.542516+04:00,1550081097.542516,4688,C:\Windows\System32\csrss.exe,PC01$,None," 4688 1 0 13312 0 0x8020000000000000 227749 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 0x9d4 C:\Windows\System32\csrss.exe %%1936 0x38c " 2019-02-13T22:04:57.462400+04:00,1550081097.4624,4688,C:\Windows\System32\smss.exe,PC01$,None," 4688 1 0 13312 0 0x8020000000000000 227748 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 0x38c C:\Windows\System32\smss.exe %%1936 0x124 " 2019-02-13T22:04:01.632120+04:00,1550081041.63212,4688,C:\Windows\System32\UI0Detect.exe,PC01$,None," 4688 1 0 13312 0 0x8020000000000000 227726 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 0x934 C:\Windows\System32\UI0Detect.exe %%1936 0x990 " 2019-02-13T22:03:35.734882+04:00,1550081015.734882,4688,C:\Windows\System32\slui.exe,PC01$,None," 4688 1 0 13312 0 0x8020000000000000 227721 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 0xa38 C:\Windows\System32\slui.exe %%1936 0x278 " 2019-02-13T22:03:28.338519+04:00,1550081008.338519,4688,C:\Users\user01\Desktop\plink.exe,user01,None," 4688 1 0 13312 0 0x8020000000000000 227714 Security PC01.example.corp S-1-5-21-1587066498-1489273250-1035260531-1106 user01 EXAMPLE 0x2ed80 0xcfc C:\Users\user01\Desktop\plink.exe %%1936 0xe60 " 2019-02-13T22:02:19.518362+04:00,1550080939.518362,4688,C:\Windows\System32\AtBroker.exe,PC01$,None," 4688 1 0 13312 0 0x8020000000000000 227712 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 0x250 C:\Windows\System32\AtBroker.exe %%1936 0x1d0 " 2019-02-13T22:01:47.602470+04:00,1550080907.60247,4688,C:\Windows\System32\TSTheme.exe,PC01$,None," 4688 1 0 13312 0 0x8020000000000000 227695 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 0x1fc C:\Windows\System32\TSTheme.exe %%1936 0x278 " 2021-12-07T21:33:14.919262+04:00,1638898394.919262,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," 4688 2 0 13312 0 0x8020000000000000 329925 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x24e0 C:\Windows\System32\svchost.exe %%1936 0x274 S-1-5-19 LOCAL SERVICE NT AUTHORITY 0x3e5 C:\Windows\System32\services.exe S-1-16-16384 " 2021-12-07T21:33:01.680326+04:00,1638898381.680326,4688,C:\Windows\System32\lsass.exe,IEUser,C:\Windows\System32\lsass.exe," 4688 2 0 13312 0 0x8020000000000000 329921 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 0x1494 C:\Windows\System32\lsass.exe %%1936 0x27c S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 C:\Windows\System32\lsass.exe S-1-16-16384 " 2021-12-07T21:33:01.680005+04:00,1638898381.680005,4688,C:\Windows\System32\conhost.exe,IEUser,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe," 4688 2 0 13312 0 0x8020000000000000 329920 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 0x11e4 C:\Windows\System32\conhost.exe %%1936 0x17b8 S-1-0-0 - - 0x0 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe S-1-16-12288 " 2021-12-07T21:33:01.636384+04:00,1638898381.636384,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,MSEDGEWIN10$,C:\Windows\System32\lsass.exe," 4688 2 0 13312 0 0x8020000000000000 329919 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x17b8 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe %%1936 0x27c S-1-0-0 IEUser MSEDGEWIN10 0x16e3db3 C:\Windows\System32\lsass.exe S-1-16-12288 " 2021-12-07T21:33:01.474816+04:00,1638898381.474816,4688,C:\Windows\System32\svchost.exe,MSEDGEWIN10$,C:\Windows\System32\services.exe," 4688 2 0 13312 0 0x8020000000000000 329916 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 0x1bc4 C:\Windows\System32\svchost.exe %%1936 0x274 S-1-0-0 - - 0x0 C:\Windows\System32\services.exe S-1-16-16384 " 2021-12-07T21:33:01.409312+04:00,1638898381.409312,4688,\Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe,IEUser,C:\Windows\System32\cmd.exe," 4688 2 0 13312 0 0x8020000000000000 329914 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x53ca2 0x21a4 \Device\Mup\VBoxSvr\Users\bouss\Downloads\MalSeclogon-master\x64\Debug\MalSeclogon.exe %%1937 0x2480 S-1-0-0 - - 0x0 C:\Windows\System32\cmd.exe S-1-16-12288 " 2022-05-01T08:42:06.656542+04:00,1651380126.656542,4688,C:\Windows\System32\notepad.exe,WIND10$,C:\Windows\System32\wbem\WmiPrvSE.exe," 4688 2 0 13312 0 0x8020000000000000 21374 Security wind10.winlab.local S-1-5-20 WIND10$ WINLAB 0x3e4 0x1dc C:\Windows\System32\notepad.exe %%1936 0xe8c S-1-0-0 Administrator WINLAB.LOCAL 0x82215a C:\Windows\System32\wbem\WmiPrvSE.exe S-1-16-12288 "