{ "id": "bundle--a625c45a-c49c-488c-a9c0-8ff9529ae1ad", "spec_version": "2.0", "objects": [ { "created": "2019-08-23T11:42:37.424Z", "id": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "identity_class": "system", "modified": "2019-08-23T11:42:37.424Z", "name": "carbonblack", "type": "identity" }, { "created": "2019-07-24T16:59:16.578Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-24T16:59:16.578Z", "id": "observed-data--626a6ca7-1145-4a66-b695-e1fe8090c319", "last_observed": "2019-07-24T16:59:16.578Z", "modified": "2019-07-24T16:59:16.578Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\File\\System\\svctest.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV", "created": "2019-07-24T16:59:16.578Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7284, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 800, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.2" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.10" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-07-30T13:05:54.972Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T13:05:54.972Z", "id": "observed-data--e4f1d90e-0f50-4b60-ba20-89ac3a3e9f58", "last_observed": "2019-07-30T13:05:54.972Z", "modified": "2019-07-30T13:05:54.972Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "5b9365bcf5c12d0585574edbae31bb97" }, "name": "applemobiledeviceservice.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe\"", "created": "2019-07-30T13:05:54.972Z", "creator_user_ref": "8", "name": "applemobiledeviceservice.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 4956, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 564, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-07-30T13:05:55.782Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T13:05:55.782Z", "id": "observed-data--9e1a8ec9-21e1-43a0-acc8-6e69eced2d21", "last_observed": "2019-07-30T13:05:55.782Z", "modified": "2019-07-30T13:05:55.782Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\File\\System\\svctest.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV", "created": "2019-07-30T13:05:55.782Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7672, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 564, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.7" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ], "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "10.10.10.10" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-07-30T13:05:55.782Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T13:05:55.782Z", "id": "observed-data--6d694299-b685-4131-a18b-a8893e1dd653", "last_observed": "2019-07-30T13:05:55.782Z", "modified": "2019-07-30T13:05:55.782Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\File\\System\\svctest.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV", "created": "2019-07-30T13:05:55.782Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7672, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 564, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.7" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ], "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "10.10.10.10" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-07-30T13:05:59.127Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T13:05:59.127Z", "id": "observed-data--1c3a53f0-621b-43fd-bcfb-c1f051edc31f", "last_observed": "2019-07-30T13:05:59.127Z", "modified": "2019-07-30T13:05:59.127Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "1ba6cce42c29e2dfbcc3f49fe12b0306" }, "name": "teamviewer.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe\"", "created": "2019-07-30T13:05:59.127Z", "creator_user_ref": "8", "name": "teamviewer.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8824, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "teamviewer_service.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "teamviewer_service.exe", "pid": 5180, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.7" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "10.10.10.10" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-07-30T13:05:59.127Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T13:05:59.127Z", "id": "observed-data--50cf225e-e1df-4046-b889-f929f7ab99ca", "last_observed": "2019-07-30T13:05:59.127Z", "modified": "2019-07-30T13:05:59.127Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "1ba6cce42c29e2dfbcc3f49fe12b0306" }, "name": "teamviewer.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe\"", "created": "2019-07-30T13:05:59.127Z", "creator_user_ref": "8", "name": "teamviewer.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8824, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "teamviewer_service.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "teamviewer_service.exe", "pid": 5180, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.7" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "10.10.10.10" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-07-30T13:05:59.127Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T13:05:59.127Z", "id": "observed-data--6c778f59-35a0-456d-ab40-8e1f4d805ccb", "last_observed": "2019-07-30T13:05:59.127Z", "modified": "2019-07-30T13:05:59.127Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "1ba6cce42c29e2dfbcc3f49fe12b0306" }, "name": "teamviewer.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe\"", "created": "2019-07-30T13:05:59.127Z", "creator_user_ref": "8", "name": "teamviewer.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8824, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "teamviewer_service.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "teamviewer_service.exe", "pid": 5180, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-07-30T13:19:19.434Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T13:19:19.434Z", "id": "observed-data--ef26b072-c06e-47a9-9ad8-0d465aba56cf", "last_observed": "2019-07-30T13:19:19.434Z", "modified": "2019-07-30T13:19:19.434Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "1d3207f970767cdae6e9d46f60a9faf7" }, "name": "dwm.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\ProgramData\\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\\0.1.233\\{88D332D8-3F68-477D-9BCB-6FD6B421487D}\\dwm.exe --run --input-ipc=860 --output-ipc=872 --hidden --krb=true --instance=__4d98170f1ec2d0a4ef5617639a583807af1f1fe2", "created": "2019-07-30T13:19:19.434Z", "creator_user_ref": "8", "name": "dwm.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 15020, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "svc.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "svc.exe", "pid": 11856, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.7" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "10.10.10.10" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-07-30T13:19:19.434Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T13:19:19.434Z", "id": "observed-data--703c0d68-1f57-4307-9131-136197842e43", "last_observed": "2019-07-30T13:19:19.434Z", "modified": "2019-07-30T13:19:19.434Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "1d3207f970767cdae6e9d46f60a9faf7" }, "name": "dwm.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\ProgramData\\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\\0.1.233\\{88D332D8-3F68-477D-9BCB-6FD6B421487D}\\dwm.exe --run --input-ipc=860 --output-ipc=872 --hidden --krb=true --instance=__4d98170f1ec2d0a4ef5617639a583807af1f1fe2", "created": "2019-07-30T13:19:19.434Z", "creator_user_ref": "8", "name": "dwm.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 15020, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "svc.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "svc.exe", "pid": 11856, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.7" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "10.10.10.10" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-07-30T13:51:37.103Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T13:51:37.103Z", "id": "observed-data--80f0165a-4645-4a6b-bf53-20c21f499184", "last_observed": "2019-07-30T13:51:37.103Z", "modified": "2019-07-30T13:51:37.103Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\File\\System\\svctest.exe -k LocalServiceAndNoImpersonation -p -s FDResPub", "created": "2019-07-30T13:51:37.103Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8296, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 564, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.7" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "10.10.10.10" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-07-30T13:51:37.103Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T13:51:37.103Z", "id": "observed-data--34c468ba-6ca6-455c-a366-b26574eb8450", "last_observed": "2019-07-30T13:51:37.103Z", "modified": "2019-07-30T13:51:37.103Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\File\\System\\svctest.exe -k LocalServiceAndNoImpersonation -p -s FDResPub", "created": "2019-07-30T13:51:37.103Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8296, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 564, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-07-30T18:19:10.252Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T18:19:10.252Z", "id": "observed-data--3d5fe0e1-300c-44b3-a6db-f96dd1a147af", "last_observed": "2019-07-30T18:19:10.252Z", "modified": "2019-07-30T18:19:10.252Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\File\\System\\svctest.exe -k netsvcs -p -s BITS", "created": "2019-07-30T18:19:10.252Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 10776, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 800, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.2" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.10" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-07-30T18:54:02.958Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T18:54:02.958Z", "id": "observed-data--6d07a6bd-377c-4594-9750-571b1e5f4c0f", "last_observed": "2019-07-30T18:54:02.958Z", "modified": "2019-07-30T18:54:02.958Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\File\\System\\svctest.exe -k netsvcs -p -s BITS", "created": "2019-07-30T18:54:02.958Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8872, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 800, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.2" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.10" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-07-30T19:11:31.657Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T19:11:31.657Z", "id": "observed-data--152d80e4-7793-4c4a-be9a-072e06a2097c", "last_observed": "2019-07-30T19:11:31.657Z", "modified": "2019-07-30T19:11:31.657Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\"", "created": "2019-07-30T19:11:31.657Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 9124, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 1136, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.7" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "10.10.10.10" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-07-30T19:11:33.088Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T19:11:33.088Z", "id": "observed-data--1a163fb9-349a-4454-bd5c-a22e7bede75a", "last_observed": "2019-07-30T19:11:33.088Z", "modified": "2019-07-30T19:11:33.088Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"9124.3.1781941266\\1440152860\" -childID 1 -isForBrowser -prefsHandle 2680 -prefMapHandle 2668 -prefsLen 1 -prefMapSize 191803 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 9124 \"\\\\.\\pipe\\gecko-crash-server-pipe.9124\" 2692 tab", "created": "2019-07-30T19:11:33.088Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 4312, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 9124, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.7" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "10.10.10.10" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-07-30T19:11:34.019Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T19:11:34.019Z", "id": "observed-data--da5d84d8-9982-4aee-bbd1-d3ac9b5324e9", "last_observed": "2019-07-30T19:11:34.019Z", "modified": "2019-07-30T19:11:34.019Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"9124.13.1964969577\\1558032481\" -childID 2 -isForBrowser -prefsHandle 4296 -prefMapHandle 4348 -prefsLen 5996 -prefMapSize 191803 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 9124 \"\\\\.\\pipe\\gecko-crash-server-pipe.9124\" 4280 tab", "created": "2019-07-30T19:11:34.019Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 13904, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 9124, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.7" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "10.10.10.10" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-07-30T19:11:35.688Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T19:11:35.688Z", "id": "observed-data--3b1f679c-73e3-43fd-951d-118b155e9307", "last_observed": "2019-07-30T19:11:35.688Z", "modified": "2019-07-30T19:11:35.688Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"9124.20.1273595010\\97747244\" -childID 3 -isForBrowser -prefsHandle 5372 -prefMapHandle 5240 -prefsLen 7626 -prefMapSize 191803 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 9124 \"\\\\.\\pipe\\gecko-crash-server-pipe.9124\" 5408 tab", "created": "2019-07-30T19:11:35.688Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 14864, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 9124, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.7" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "10.10.10.10" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-07-30T19:12:44.897Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T19:12:44.897Z", "id": "observed-data--20b25b42-1117-43fe-96e8-5e7b049f3344", "last_observed": "2019-07-30T19:12:44.897Z", "modified": "2019-07-30T19:12:44.897Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"9124.34.647184881\\507465470\" -childID 5 -isForBrowser -prefsHandle 6032 -prefMapHandle 6116 -prefsLen 9004 -prefMapSize 191803 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 9124 \"\\\\.\\pipe\\gecko-crash-server-pipe.9124\" 5116 tab", "created": "2019-07-30T19:12:44.897Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 14488, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 9124, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.7" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "10.10.10.10" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-07-30T19:13:47.783Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T19:13:47.783Z", "id": "observed-data--5b57192d-26f2-4e92-953f-c783d564d8d1", "last_observed": "2019-07-30T19:13:47.783Z", "modified": "2019-07-30T19:13:47.783Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"9124.48.1867633408\\2146585794\" -childID 7 -isForBrowser -prefsHandle 10180 -prefMapHandle 10176 -prefsLen 9007 -prefMapSize 191803 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 9124 \"\\\\.\\pipe\\gecko-crash-server-pipe.9124\" 8132 tab", "created": "2019-07-30T19:13:47.783Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8728, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 9124, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.7" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "10.10.10.10" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-07-30T19:16:34.248Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T19:16:34.248Z", "id": "observed-data--c84619c5-c3f9-42d4-b1a1-c6f211bb5f81", "last_observed": "2019-07-30T19:16:34.248Z", "modified": "2019-07-30T19:16:34.248Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"9124.55.1816851739\\333634324\" -childID 8 -isForBrowser -prefsHandle 6940 -prefMapHandle 8116 -prefsLen 9052 -prefMapSize 191803 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 9124 \"\\\\.\\pipe\\gecko-crash-server-pipe.9124\" 8820 tab", "created": "2019-07-30T19:16:34.248Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 11800, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 9124, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.7" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "10.10.10.10" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-07-30T19:21:30.377Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T19:21:30.377Z", "id": "observed-data--f70eced6-7991-4c47-b69c-18839caca79f", "last_observed": "2019-07-30T19:21:30.377Z", "modified": "2019-07-30T19:21:30.377Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\File\\System\\svctest.exe -k netsvcs -p -s BITS", "created": "2019-07-30T19:21:30.377Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 16228, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 564, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.7" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "10.10.10.10" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-07-30T19:43:02.111Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-07-30T19:43:02.111Z", "id": "observed-data--dd36ecb2-2b22-4620-a65c-fe4b62f10835", "last_observed": "2019-07-30T19:43:02.111Z", "modified": "2019-07-30T19:43:02.111Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\File\\System\\svctest.exe -k netsvcs -p -s BITS", "created": "2019-07-30T19:43:02.111Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8608, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 564, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.7" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "10.10.10.10" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:06.665Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:06.66Z", "id": "observed-data--f792d957-7cb0-4e0c-b045-7373a3f18554", "last_observed": "2019-08-03T02:56:06.66Z", "modified": "2019-08-03T02:56:06.665Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "d3a47bc62fa45a95aab586476382edea" }, "name": "ntoskrnl.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:06.66Z", "creator_user_ref": "8", "name": "ntoskrnl.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 4, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "ntoskrnl.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "ntoskrnl.exe", "pid": 0, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "127.0.0.1" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.20" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:21.146Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:21.146Z", "id": "observed-data--da5851da-f20d-4e51-ba8a-fc180ec1efee", "last_observed": "2019-08-03T02:56:21.146Z", "modified": "2019-08-03T02:56:21.146Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "5b9365bcf5c12d0585574edbae31bb97" }, "name": "applemobiledeviceservice.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:21.146Z", "creator_user_ref": "8", "name": "applemobiledeviceservice.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 5352, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:21.146Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:21.146Z", "id": "observed-data--e10dc3ee-7beb-4fca-afa2-9c3ccf927e01", "last_observed": "2019-08-03T02:56:21.146Z", "modified": "2019-08-03T02:56:21.146Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "5b9365bcf5c12d0585574edbae31bb97" }, "name": "applemobiledeviceservice.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:21.146Z", "creator_user_ref": "8", "name": "applemobiledeviceservice.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 5352, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:21.146Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:21.146Z", "id": "observed-data--7b199d85-ca7c-49ec-bb30-afe0dcb93487", "last_observed": "2019-08-03T02:56:21.146Z", "modified": "2019-08-03T02:56:21.146Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "5b9365bcf5c12d0585574edbae31bb97" }, "name": "applemobiledeviceservice.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:21.146Z", "creator_user_ref": "8", "name": "applemobiledeviceservice.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 5352, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "127.0.0.1" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.20" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:21.224Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:21.224Z", "id": "observed-data--21ba0c21-75f9-4340-ab9f-2ea1feb383c9", "last_observed": "2019-08-03T02:56:21.224Z", "modified": "2019-08-03T02:56:21.224Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "adc2a1f46da3bf1d5b6f53976290fb7d" }, "name": "vmware-authd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:21.224Z", "creator_user_ref": "8", "name": "vmware-authd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 5704, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:21.224Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:21.224Z", "id": "observed-data--d1f45fab-8f3f-4a91-b93a-427d6d02e467", "last_observed": "2019-08-03T02:56:21.224Z", "modified": "2019-08-03T02:56:21.224Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "adc2a1f46da3bf1d5b6f53976290fb7d" }, "name": "vmware-authd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:21.224Z", "creator_user_ref": "8", "name": "vmware-authd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 5704, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:21.224Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:21.224Z", "id": "observed-data--d4c52044-980f-46db-9fcb-f6c343eff775", "last_observed": "2019-08-03T02:56:21.224Z", "modified": "2019-08-03T02:56:21.224Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "adc2a1f46da3bf1d5b6f53976290fb7d" }, "name": "vmware-authd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:21.224Z", "creator_user_ref": "8", "name": "vmware-authd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 5704, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:21.224Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:21.224Z", "id": "observed-data--148cbecf-ec02-4ec5-bab7-88f462cf6fd4", "last_observed": "2019-08-03T02:56:21.224Z", "modified": "2019-08-03T02:56:21.224Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "adc2a1f46da3bf1d5b6f53976290fb7d" }, "name": "vmware-authd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:21.224Z", "creator_user_ref": "8", "name": "vmware-authd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 5704, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:21.224Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:21.224Z", "id": "observed-data--e746966d-f190-46c1-91fb-f9365ce3ba60", "last_observed": "2019-08-03T02:56:21.224Z", "modified": "2019-08-03T02:56:21.224Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "adc2a1f46da3bf1d5b6f53976290fb7d" }, "name": "vmware-authd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:21.224Z", "creator_user_ref": "8", "name": "vmware-authd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 5704, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:21.268Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:21.268Z", "id": "observed-data--1ba8090a-4d4f-45fb-8f11-8eee2fb14fed", "last_observed": "2019-08-03T02:56:21.268Z", "modified": "2019-08-03T02:56:21.268Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a8d574a86f67d52c5de894f23699b70f" }, "name": "teamviewer_service.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:21.268Z", "creator_user_ref": "8", "name": "teamviewer_service.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 5784, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:21.268Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:21.268Z", "id": "observed-data--a87b0e68-0b9e-47bb-a633-eb872bf774d6", "last_observed": "2019-08-03T02:56:21.268Z", "modified": "2019-08-03T02:56:21.268Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a8d574a86f67d52c5de894f23699b70f" }, "name": "teamviewer_service.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:21.268Z", "creator_user_ref": "8", "name": "teamviewer_service.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 5784, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:21.268Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:21.268Z", "id": "observed-data--22ab9d9b-a1e3-446b-b8fd-9968866b88da", "last_observed": "2019-08-03T02:56:21.268Z", "modified": "2019-08-03T02:56:21.268Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a8d574a86f67d52c5de894f23699b70f" }, "name": "teamviewer_service.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:21.268Z", "creator_user_ref": "8", "name": "teamviewer_service.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 5784, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:21.268Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:21.268Z", "id": "observed-data--ec0ab983-5448-4638-872d-4a130f4627a7", "last_observed": "2019-08-03T02:56:21.268Z", "modified": "2019-08-03T02:56:21.268Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a8d574a86f67d52c5de894f23699b70f" }, "name": "teamviewer_service.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:21.268Z", "creator_user_ref": "8", "name": "teamviewer_service.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 5784, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.30" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:21.471Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:21.471Z", "id": "observed-data--9e774290-5f08-4682-9478-195fc2063ed0", "last_observed": "2019-08-03T02:56:21.471Z", "modified": "2019-08-03T02:56:21.471Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "3323fa7d6eba946ec070186927573e62" }, "name": "dashost.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:21.471Z", "creator_user_ref": "8", "name": "dashost.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 6192, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 5468, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:21.471Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:21.471Z", "id": "observed-data--362e748a-cbbd-4ede-a421-1d3577629ede", "last_observed": "2019-08-03T02:56:21.471Z", "modified": "2019-08-03T02:56:21.471Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "3323fa7d6eba946ec070186927573e62" }, "name": "dashost.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:21.471Z", "creator_user_ref": "8", "name": "dashost.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 6192, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 5468, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:21.471Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:21.471Z", "id": "observed-data--47fb7577-f8b9-470b-a0fb-b76db06b1d11", "last_observed": "2019-08-03T02:56:21.471Z", "modified": "2019-08-03T02:56:21.471Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "3323fa7d6eba946ec070186927573e62" }, "name": "dashost.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:21.471Z", "creator_user_ref": "8", "name": "dashost.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 6192, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 5468, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "127.0.0.1" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.20" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--0696b316-b97c-4bf6-85d1-baf0cf149c78", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--e4cdad10-7b6c-4de7-87a3-6c37f2497a4d", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--5de0dfd3-1fb4-4ea1-9414-ca862a9bd353", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--106c1d52-fa1e-4874-9fa0-99a4a8635bae", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--7409ccc9-242d-4fa2-ad77-d0d05c3ed4bf", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--2609ee57-a1b4-42f9-80aa-ab5bb819b841", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--fba14f2c-b3d6-42bb-90e3-99933d504d83", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--acc0c9a7-04cb-42be-9b23-675afb23a18c", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--2f69b3d2-2356-4959-84f0-51c65042ff4b", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--36fb475c-b30e-4002-bd68-155cf10b9b69", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--1d9ba92d-5db5-4d47-b7de-d9266fdb6883", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--4d1e4c3e-189a-4918-9c56-705ad9105af3", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--4a10a22e-3066-4b80-8d62-747954f168fd", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--54373f5c-e807-4f82-bdd8-4baec13135de", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--77cba82c-da4c-4680-8900-0528d9087e27", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--306cce01-35ec-4a6c-b0d1-cdbbb35498f3", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--d9aa0099-d5f9-4f24-a29f-5ca29021f25e", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--be2259a8-2a14-429f-a88b-5f34c2d977a4", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--caee2422-bce5-4d37-aa6d-f2852777c16f", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--dee129e6-20f3-407f-986d-6826765c7251", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--19635f96-65ac-4514-97a9-969f2efbdab6", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--5bbf0e4f-143c-48ec-b5a0-88e43f5f99d6", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--fcdf3b69-d011-43f7-ab54-16aa047ffa15", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--263ef512-42c9-456c-af4b-2e76a97756c5", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--0b23fde0-9707-48f3-aa19-79bb648e9159", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--5a0254c3-04f5-4616-889f-ca5f914e1d68", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--cb34ba67-a89f-4e1a-b8c4-687db6f22db4", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--678eab08-89e5-4ff2-a82b-c83cf2de3c8e", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:22.345Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:22.345Z", "id": "observed-data--b8df7978-e99c-416c-a60c-66980c0486e5", "last_observed": "2019-08-03T02:56:22.345Z", "modified": "2019-08-03T02:56:22.345Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "dee2497b558b765c9c07ea23a8fa11b0" }, "name": "vmware-hostd.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:22.345Z", "creator_user_ref": "8", "name": "vmware-hostd.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7456, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "127.0.0.1" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.20" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:25.304Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:25.304Z", "id": "observed-data--9e322900-f8a5-4bcd-b56f-4bb767f6da62", "last_observed": "2019-08-03T02:56:25.304Z", "modified": "2019-08-03T02:56:25.304Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:25.304Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8344, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:25.304Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:25.304Z", "id": "observed-data--102ebe48-a5fe-4bfd-a177-aa1fb75d11c7", "last_observed": "2019-08-03T02:56:25.304Z", "modified": "2019-08-03T02:56:25.304Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:25.304Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8344, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:25.304Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:25.304Z", "id": "observed-data--78844f72-3fd6-4aca-a78b-4a9183da8929", "last_observed": "2019-08-03T02:56:25.304Z", "modified": "2019-08-03T02:56:25.304Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:25.304Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8344, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:25.304Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:25.304Z", "id": "observed-data--4654678d-5395-4911-a125-878d3ba710f8", "last_observed": "2019-08-03T02:56:25.304Z", "modified": "2019-08-03T02:56:25.304Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:25.304Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8344, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:25.304Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:25.304Z", "id": "observed-data--872197a5-97f8-4e31-af19-9375ad70a6da", "last_observed": "2019-08-03T02:56:25.304Z", "modified": "2019-08-03T02:56:25.304Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:25.304Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8344, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:25.304Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:25.304Z", "id": "observed-data--594b6718-c19d-4d5d-b459-5911c7e22a0d", "last_observed": "2019-08-03T02:56:25.304Z", "modified": "2019-08-03T02:56:25.304Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:25.304Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8344, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:25.304Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:25.304Z", "id": "observed-data--57d9776d-6691-486f-9dc0-1ed19da93f22", "last_observed": "2019-08-03T02:56:25.304Z", "modified": "2019-08-03T02:56:25.304Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:25.304Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8344, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:25.304Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:25.304Z", "id": "observed-data--6d344ed0-2e0b-48f6-bc74-002a29603817", "last_observed": "2019-08-03T02:56:25.304Z", "modified": "2019-08-03T02:56:25.304Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:25.304Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8344, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:25.304Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:25.304Z", "id": "observed-data--ced7aa9d-0563-4d1c-bac5-523835c950ca", "last_observed": "2019-08-03T02:56:25.304Z", "modified": "2019-08-03T02:56:25.304Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:25.304Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8344, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:25.304Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:25.304Z", "id": "observed-data--a92370b8-0a84-4cdc-9149-8078ba9a096f", "last_observed": "2019-08-03T02:56:25.304Z", "modified": "2019-08-03T02:56:25.304Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:25.304Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8344, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:25.304Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:25.304Z", "id": "observed-data--b5461f2b-1a2c-4405-a371-c3c0885c89f4", "last_observed": "2019-08-03T02:56:25.304Z", "modified": "2019-08-03T02:56:25.304Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "(unknown)", "created": "2019-08-03T02:56:25.304Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8344, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "(unknown)", "type": "file" }, "3": { "binary_ref": "2", "name": "(unknown)", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "127.0.0.1" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.20" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:28.746Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:28.746Z", "id": "observed-data--6b747245-c8d9-4882-8b4e-4d75f22aade5", "last_observed": "2019-08-03T02:56:28.746Z", "modified": "2019-08-03T02:56:28.746Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "1ba6cce42c29e2dfbcc3f49fe12b0306" }, "name": "teamviewer.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe\"", "created": "2019-08-03T02:56:28.746Z", "creator_user_ref": "8", "name": "teamviewer.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 9440, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "teamviewer_service.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "teamviewer_service.exe", "pid": 5784, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:28.746Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:28.746Z", "id": "observed-data--07c5e9e6-2a8a-40e7-9b08-25e39c6ecc1d", "last_observed": "2019-08-03T02:56:28.746Z", "modified": "2019-08-03T02:56:28.746Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "1ba6cce42c29e2dfbcc3f49fe12b0306" }, "name": "teamviewer.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe\"", "created": "2019-08-03T02:56:28.746Z", "creator_user_ref": "8", "name": "teamviewer.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 9440, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "teamviewer_service.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "teamviewer_service.exe", "pid": 5784, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:28.746Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:28.746Z", "id": "observed-data--d666e616-e4e1-480b-9954-500005afb12b", "last_observed": "2019-08-03T02:56:28.746Z", "modified": "2019-08-03T02:56:28.746Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "1ba6cce42c29e2dfbcc3f49fe12b0306" }, "name": "teamviewer.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe\"", "created": "2019-08-03T02:56:28.746Z", "creator_user_ref": "8", "name": "teamviewer.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 9440, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "teamviewer_service.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "teamviewer_service.exe", "pid": 5784, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:28.746Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:28.746Z", "id": "observed-data--8209ace3-a85a-4301-b8b5-1b6a24109d26", "last_observed": "2019-08-03T02:56:28.746Z", "modified": "2019-08-03T02:56:28.746Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "1ba6cce42c29e2dfbcc3f49fe12b0306" }, "name": "teamviewer.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe\"", "created": "2019-08-03T02:56:28.746Z", "creator_user_ref": "8", "name": "teamviewer.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 9440, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "teamviewer_service.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "teamviewer_service.exe", "pid": 5784, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:28.746Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:28.746Z", "id": "observed-data--fd1ed085-85a1-4fae-b701-47d3e8768255", "last_observed": "2019-08-03T02:56:28.746Z", "modified": "2019-08-03T02:56:28.746Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "1ba6cce42c29e2dfbcc3f49fe12b0306" }, "name": "teamviewer.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe\"", "created": "2019-08-03T02:56:28.746Z", "creator_user_ref": "8", "name": "teamviewer.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 9440, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "teamviewer_service.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "teamviewer_service.exe", "pid": 5784, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:28.746Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:28.746Z", "id": "observed-data--07170e84-568e-4b17-bd64-de5fee282833", "last_observed": "2019-08-03T02:56:28.746Z", "modified": "2019-08-03T02:56:28.746Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "1ba6cce42c29e2dfbcc3f49fe12b0306" }, "name": "teamviewer.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe\"", "created": "2019-08-03T02:56:28.746Z", "creator_user_ref": "8", "name": "teamviewer.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 9440, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "teamviewer_service.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "teamviewer_service.exe", "pid": 5784, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:28.746Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:28.746Z", "id": "observed-data--f35e2b4d-7576-41df-9c71-543bdac0d53f", "last_observed": "2019-08-03T02:56:28.746Z", "modified": "2019-08-03T02:56:28.746Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "1ba6cce42c29e2dfbcc3f49fe12b0306" }, "name": "teamviewer.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe\"", "created": "2019-08-03T02:56:28.746Z", "creator_user_ref": "8", "name": "teamviewer.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 9440, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "teamviewer_service.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "teamviewer_service.exe", "pid": 5784, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:28.746Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:28.746Z", "id": "observed-data--414fcdb8-d5de-435f-a169-3df6a0b2226b", "last_observed": "2019-08-03T02:56:28.746Z", "modified": "2019-08-03T02:56:28.746Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "1ba6cce42c29e2dfbcc3f49fe12b0306" }, "name": "teamviewer.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe\"", "created": "2019-08-03T02:56:28.746Z", "creator_user_ref": "8", "name": "teamviewer.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 9440, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "teamviewer_service.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "teamviewer_service.exe", "pid": 5784, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:28.746Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:28.746Z", "id": "observed-data--4a21e537-bca0-4c82-bce0-f93e6d0112a3", "last_observed": "2019-08-03T02:56:28.746Z", "modified": "2019-08-03T02:56:28.746Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "1ba6cce42c29e2dfbcc3f49fe12b0306" }, "name": "teamviewer.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe\"", "created": "2019-08-03T02:56:28.746Z", "creator_user_ref": "8", "name": "teamviewer.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 9440, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "teamviewer_service.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "teamviewer_service.exe", "pid": 5784, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:28.746Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:28.746Z", "id": "observed-data--8ba02545-99aa-4572-86fd-cf74113511ad", "last_observed": "2019-08-03T02:56:28.746Z", "modified": "2019-08-03T02:56:28.746Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "1ba6cce42c29e2dfbcc3f49fe12b0306" }, "name": "teamviewer.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe\"", "created": "2019-08-03T02:56:28.746Z", "creator_user_ref": "8", "name": "teamviewer.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 9440, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "teamviewer_service.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "teamviewer_service.exe", "pid": 5784, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "127.0.0.1" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.20" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:56:28.746Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:56:28.746Z", "id": "observed-data--f9a7d02f-bca2-4699-be33-3619e56dddb1", "last_observed": "2019-08-03T02:56:28.746Z", "modified": "2019-08-03T02:56:28.746Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "1ba6cce42c29e2dfbcc3f49fe12b0306" }, "name": "teamviewer.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer.exe\"", "created": "2019-08-03T02:56:28.746Z", "creator_user_ref": "8", "name": "teamviewer.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 9440, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "teamviewer_service.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "teamviewer_service.exe", "pid": 5784, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "127.0.0.1" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.20" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:00.985Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:00.985Z", "id": "observed-data--7bf4f251-1742-4013-957a-cf235136979f", "last_observed": "2019-08-03T02:58:00.985Z", "modified": "2019-08-03T02:58:00.985Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\File\\System\\svctest.exe -k netsvcs -p -s BITS", "created": "2019-08-03T02:58:00.985Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 12960, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--113847f2-c8a0-491c-9d0c-27aacb9cba0a", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--0fb027cf-78ec-475a-ac6d-2e4ab1f2364d", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--53bd549d-7e0b-48c1-90ed-3ef832c89a07", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--57baaced-49f8-4096-bcce-da7914905e04", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--f8b4c4be-70cc-42b0-8e42-703f9c6b8db3", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--06d12d13-f51d-4bce-8fa2-e9befecfbda1", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--6a4ae9ce-0d47-4e18-910c-8d317cedf9f1", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--ef612f51-d627-4e72-ab8f-59470268cb67", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--50a3710f-a952-4378-811b-a3b4495bd38e", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--0e369481-2248-4525-a503-54bd239b7670", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--69eb16c2-7a7c-4e2e-8ed0-c3bd9ef875c4", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--aae50f67-4e1d-4a1e-adf3-bb20a314d256", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--04bc4197-69df-4920-82e7-4582124bacd8", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--c200dc65-d646-40ee-8ac5-24097acde965", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--da9aa6a0-a95d-44fc-b499-a2802fb17f54", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--80c23713-d977-4376-aea0-c3c007ea85ab", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--47e96784-fe3c-414f-88d7-f3e1e5755c62", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--a0790ce5-e4d4-49aa-8746-eb318f8041ed", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--777fcfb4-4887-4ec5-b4a7-ab72b21ce961", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--0a3807bc-aa17-46d6-baa0-b2c816d13cd4", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--c8eb20b7-f229-4c66-b12a-78bd3fc85dcc", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--7b2972c9-93eb-45b8-9a9d-c26095e0c99b", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--8a948a68-b3d9-4073-9971-0e6ef6fe66ff", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--877d0046-f0b6-4cd1-9dc3-6be27f36e5e5", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--d6debc53-ebc7-42a2-aa0d-a25ee4e64e95", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--b4e5bf80-9392-4f95-baac-b5bcd506f246", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--d42d027d-6b35-4dc7-a000-8e8ede1cd271", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--e0b7c27a-9a45-4a6e-9bb7-b5a0093b3bca", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T02:58:46.279Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T02:58:46.279Z", "id": "observed-data--cce29db9-6d95-455f-bdd5-bfee7fdf9964", "last_observed": "2019-08-03T02:58:46.279Z", "modified": "2019-08-03T02:58:46.279Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "2e6395e098b8577446e70d0f6a63c338" }, "name": "vmware.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware.exe\" ", "created": "2019-08-03T02:58:46.279Z", "creator_user_ref": "8", "name": "vmware.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 2484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "explorer.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "explorer.exe", "pid": 8096, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "127.0.0.1" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.20" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:02:26.056Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:02:26.056Z", "id": "observed-data--011cf702-3e23-453d-b75b-efebb9e5893f", "last_observed": "2019-08-03T03:02:26.056Z", "modified": "2019-08-03T03:02:26.056Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\File\\System\\svctest.exe -k LocalServiceAndNoImpersonation -p -s FDResPub", "created": "2019-08-03T03:02:26.056Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 13920, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-08-03T03:02:26.056Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:02:26.056Z", "id": "observed-data--28d4bd5c-a4db-4296-a96f-d40167404d58", "last_observed": "2019-08-03T03:02:26.056Z", "modified": "2019-08-03T03:02:26.056Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\File\\System\\svctest.exe -k LocalServiceAndNoImpersonation -p -s FDResPub", "created": "2019-08-03T03:02:26.056Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 13920, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-08-03T03:02:26.056Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:02:26.056Z", "id": "observed-data--f24f2585-dcc8-467d-b242-2c7e792498b5", "last_observed": "2019-08-03T03:02:26.056Z", "modified": "2019-08-03T03:02:26.056Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\File\\System\\svctest.exe -k LocalServiceAndNoImpersonation -p -s FDResPub", "created": "2019-08-03T03:02:26.056Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 13920, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-08-03T03:02:26.056Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:02:26.056Z", "id": "observed-data--fb0217a0-b4eb-4814-a8c7-a87e64627517", "last_observed": "2019-08-03T03:02:26.056Z", "modified": "2019-08-03T03:02:26.056Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\File\\System\\svctest.exe -k LocalServiceAndNoImpersonation -p -s FDResPub", "created": "2019-08-03T03:02:26.056Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 13920, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-08-03T03:02:26.056Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:02:26.056Z", "id": "observed-data--df0fc75e-e82a-46e5-9051-ab18652af969", "last_observed": "2019-08-03T03:02:26.056Z", "modified": "2019-08-03T03:02:26.056Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\File\\System\\svctest.exe -k LocalServiceAndNoImpersonation -p -s FDResPub", "created": "2019-08-03T03:02:26.056Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 13920, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 776, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-08-03T03:17:11.897Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:17:11.897Z", "id": "observed-data--acb27806-1a83-416c-80b6-e71b1ad62736", "last_observed": "2019-08-03T03:17:11.897Z", "modified": "2019-08-03T03:17:11.897Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\"", "created": "2019-08-03T03:17:11.897Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 3464, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 7940, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:17:11.897Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:17:11.897Z", "id": "observed-data--f720f331-5dde-45fd-b557-89c8cd9c5de4", "last_observed": "2019-08-03T03:17:11.897Z", "modified": "2019-08-03T03:17:11.897Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\"", "created": "2019-08-03T03:17:11.897Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 3464, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 7940, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:17:11.897Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:17:11.897Z", "id": "observed-data--72cb1d3e-0cdd-4f53-91c6-63c887ffb23d", "last_observed": "2019-08-03T03:17:11.897Z", "modified": "2019-08-03T03:17:11.897Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\"", "created": "2019-08-03T03:17:11.897Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 3464, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 7940, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:17:11.897Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:17:11.897Z", "id": "observed-data--2098202e-0e99-4744-850f-0c67f20d8c50", "last_observed": "2019-08-03T03:17:11.897Z", "modified": "2019-08-03T03:17:11.897Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\"", "created": "2019-08-03T03:17:11.897Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 3464, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 7940, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:17:11.897Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:17:11.897Z", "id": "observed-data--324d93e3-f9d6-470d-a93c-ddbf4d5a87b6", "last_observed": "2019-08-03T03:17:11.897Z", "modified": "2019-08-03T03:17:11.897Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\"", "created": "2019-08-03T03:17:11.897Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 3464, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 7940, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:17:11.897Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:17:11.897Z", "id": "observed-data--21e2ef8d-120e-489d-90d8-5e66f38a0dce", "last_observed": "2019-08-03T03:17:11.897Z", "modified": "2019-08-03T03:17:11.897Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\"", "created": "2019-08-03T03:17:11.897Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 3464, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 7940, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:17:11.897Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:17:11.897Z", "id": "observed-data--00227dfd-1cfd-4676-b862-393938512474", "last_observed": "2019-08-03T03:17:11.897Z", "modified": "2019-08-03T03:17:11.897Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\"", "created": "2019-08-03T03:17:11.897Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 3464, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 7940, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "127.0.0.1" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.20" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:17:17.145Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:17:17.145Z", "id": "observed-data--0cde8a5d-070e-46d0-9062-8b583a72a26b", "last_observed": "2019-08-03T03:17:17.145Z", "modified": "2019-08-03T03:17:17.145Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"3464.3.633422389\\186528644\" -childID 1 -isForBrowser -prefsHandle 2596 -prefMapHandle 2592 -prefsLen 1 -prefMapSize 191877 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3464 \"\\\\.\\pipe\\gecko-crash-server-pipe.3464\" 2616 tab", "created": "2019-08-03T03:17:17.145Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 13036, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 3464, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:17:17.145Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:17:17.145Z", "id": "observed-data--6865bafe-3088-4e07-bf91-4557457b773e", "last_observed": "2019-08-03T03:17:17.145Z", "modified": "2019-08-03T03:17:17.145Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"3464.3.633422389\\186528644\" -childID 1 -isForBrowser -prefsHandle 2596 -prefMapHandle 2592 -prefsLen 1 -prefMapSize 191877 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3464 \"\\\\.\\pipe\\gecko-crash-server-pipe.3464\" 2616 tab", "created": "2019-08-03T03:17:17.145Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 13036, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 3464, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "127.0.0.1" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.20" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:17:17.811Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:17:17.811Z", "id": "observed-data--70bba14c-c3a5-4975-a215-51b40750b340", "last_observed": "2019-08-03T03:17:17.811Z", "modified": "2019-08-03T03:17:17.811Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"3464.13.2049072771\\923036624\" -childID 2 -isForBrowser -prefsHandle 4112 -prefMapHandle 4116 -prefsLen 5996 -prefMapSize 191877 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3464 \"\\\\.\\pipe\\gecko-crash-server-pipe.3464\" 4128 tab", "created": "2019-08-03T03:17:17.811Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 14676, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 3464, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:17:19.223Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:17:19.223Z", "id": "observed-data--656a2efc-3935-44bc-be04-202ae021b7ad", "last_observed": "2019-08-03T03:17:19.223Z", "modified": "2019-08-03T03:17:19.223Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"3464.20.1930265346\\551090926\" -childID 3 -isForBrowser -prefsHandle 4840 -prefMapHandle 4904 -prefsLen 6782 -prefMapSize 191877 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3464 \"\\\\.\\pipe\\gecko-crash-server-pipe.3464\" 4832 tab", "created": "2019-08-03T03:17:19.223Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 14268, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 3464, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:17:19.223Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:17:19.223Z", "id": "observed-data--6ec74ebf-bd0a-483c-b424-3168c7d4ab38", "last_observed": "2019-08-03T03:17:19.223Z", "modified": "2019-08-03T03:17:19.223Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"3464.20.1930265346\\551090926\" -childID 3 -isForBrowser -prefsHandle 4840 -prefMapHandle 4904 -prefsLen 6782 -prefMapSize 191877 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3464 \"\\\\.\\pipe\\gecko-crash-server-pipe.3464\" 4832 tab", "created": "2019-08-03T03:17:19.223Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 14268, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 3464, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:17:19.223Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:17:19.223Z", "id": "observed-data--fe4b9461-6469-423f-ae6d-6a53d92f7741", "last_observed": "2019-08-03T03:17:19.223Z", "modified": "2019-08-03T03:17:19.223Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"3464.20.1930265346\\551090926\" -childID 3 -isForBrowser -prefsHandle 4840 -prefMapHandle 4904 -prefsLen 6782 -prefMapSize 191877 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3464 \"\\\\.\\pipe\\gecko-crash-server-pipe.3464\" 4832 tab", "created": "2019-08-03T03:17:19.223Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 14268, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 3464, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:17:19.223Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:17:19.223Z", "id": "observed-data--675b93dc-3fe3-408b-bafb-00c030da875d", "last_observed": "2019-08-03T03:17:19.223Z", "modified": "2019-08-03T03:17:19.223Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"3464.20.1930265346\\551090926\" -childID 3 -isForBrowser -prefsHandle 4840 -prefMapHandle 4904 -prefsLen 6782 -prefMapSize 191877 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3464 \"\\\\.\\pipe\\gecko-crash-server-pipe.3464\" 4832 tab", "created": "2019-08-03T03:17:19.223Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 14268, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 3464, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:17:19.223Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:17:19.223Z", "id": "observed-data--8c8e4f0c-27e2-4a27-8fa3-6cc62001d27d", "last_observed": "2019-08-03T03:17:19.223Z", "modified": "2019-08-03T03:17:19.223Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"3464.20.1930265346\\551090926\" -childID 3 -isForBrowser -prefsHandle 4840 -prefMapHandle 4904 -prefsLen 6782 -prefMapSize 191877 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3464 \"\\\\.\\pipe\\gecko-crash-server-pipe.3464\" 4832 tab", "created": "2019-08-03T03:17:19.223Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 14268, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 3464, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:17:19.223Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:17:19.223Z", "id": "observed-data--466e75d5-b90e-4efd-9bcb-6972079d059a", "last_observed": "2019-08-03T03:17:19.223Z", "modified": "2019-08-03T03:17:19.223Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"3464.20.1930265346\\551090926\" -childID 3 -isForBrowser -prefsHandle 4840 -prefMapHandle 4904 -prefsLen 6782 -prefMapSize 191877 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3464 \"\\\\.\\pipe\\gecko-crash-server-pipe.3464\" 4832 tab", "created": "2019-08-03T03:17:19.223Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 14268, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 3464, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:17:19.223Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:17:19.223Z", "id": "observed-data--1b311350-8da4-401c-a1ab-607eeaffae65", "last_observed": "2019-08-03T03:17:19.223Z", "modified": "2019-08-03T03:17:19.223Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"3464.20.1930265346\\551090926\" -childID 3 -isForBrowser -prefsHandle 4840 -prefMapHandle 4904 -prefsLen 6782 -prefMapSize 191877 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3464 \"\\\\.\\pipe\\gecko-crash-server-pipe.3464\" 4832 tab", "created": "2019-08-03T03:17:19.223Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 14268, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 3464, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.100" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:17:19.223Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:17:19.223Z", "id": "observed-data--c047dff6-b2fc-498d-b208-8e040af14d89", "last_observed": "2019-08-03T03:17:19.223Z", "modified": "2019-08-03T03:17:19.223Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"3464.20.1930265346\\551090926\" -childID 3 -isForBrowser -prefsHandle 4840 -prefMapHandle 4904 -prefsLen 6782 -prefMapSize 191877 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3464 \"\\\\.\\pipe\\gecko-crash-server-pipe.3464\" 4832 tab", "created": "2019-08-03T03:17:19.223Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 14268, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 3464, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "127.0.0.1" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.20" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:18:36.422Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:18:36.42Z", "id": "observed-data--26139ea4-093e-4fa4-b590-579307be8baa", "last_observed": "2019-08-03T03:18:36.42Z", "modified": "2019-08-03T03:18:36.422Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"3464.27.300999780\\919827419\" -childID 4 -isForBrowser -prefsHandle 9260 -prefMapHandle 9128 -prefsLen 8841 -prefMapSize 191877 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3464 \"\\\\.\\pipe\\gecko-crash-server-pipe.3464\" 9116 tab", "created": "2019-08-03T03:18:36.42Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 12444, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 3464, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:22:18.078Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:22:18.078Z", "id": "observed-data--6d49970a-6f7b-402c-8f5b-ea6801a2581d", "last_observed": "2019-08-03T03:22:18.078Z", "modified": "2019-08-03T03:22:18.078Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"3464.34.1946687392\\922787283\" -childID 5 -isForBrowser -prefsHandle 8904 -prefMapHandle 8784 -prefsLen 9051 -prefMapSize 191877 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3464 \"\\\\.\\pipe\\gecko-crash-server-pipe.3464\" 5144 tab", "created": "2019-08-03T03:22:18.078Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 10940, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 3464, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:30:00.486Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:30:00.486Z", "id": "observed-data--60688871-d42d-4c7c-a669-9e8941143581", "last_observed": "2019-08-03T03:30:00.486Z", "modified": "2019-08-03T03:30:00.486Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"3464.41.378653456\\431495287\" -childID 6 -isForBrowser -prefsHandle 7728 -prefMapHandle 7680 -prefsLen 9719 -prefMapSize 191877 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3464 \"\\\\.\\pipe\\gecko-crash-server-pipe.3464\" 9008 tab", "created": "2019-08-03T03:30:00.486Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 192, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 3464, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "172.16.0.104" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-03T03:30:00.486Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-03T03:30:00.486Z", "id": "observed-data--455f267f-5042-4659-a34f-d74d2c0860dc", "last_observed": "2019-08-03T03:30:00.486Z", "modified": "2019-08-03T03:30:00.486Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"3464.41.378653456\\431495287\" -childID 6 -isForBrowser -prefsHandle 7728 -prefMapHandle 7680 -prefsLen 9719 -prefMapSize 191877 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3464 \"\\\\.\\pipe\\gecko-crash-server-pipe.3464\" 9008 tab", "created": "2019-08-03T03:30:00.486Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 192, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 3464, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "127.0.0.1" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.20" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-13T18:07:53.949Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-13T18:07:53.949Z", "id": "observed-data--0ab3f130-3666-4086-8d89-82fe88c04fe6", "last_observed": "2019-08-13T18:07:53.949Z", "modified": "2019-08-13T18:07:53.949Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\File\\System\\svctest.exe -k netsvcs -p -s BITS", "created": "2019-08-13T18:07:53.949Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 5484, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 916, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.2" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.10" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-13T18:07:57.425Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-13T18:07:57.425Z", "id": "observed-data--c9b33025-d40f-4ecb-a7a2-c4dd237c0003", "last_observed": "2019-08-13T18:07:57.425Z", "modified": "2019-08-13T18:07:57.425Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\File\\System\\svctest.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV", "created": "2019-08-13T18:07:57.425Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8128, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 916, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.2" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.10" }, "8": { "type": "user-account", "user_id": "LOCAL SERVICE" } }, "type": "observed-data" }, { "created": "2019-08-20T18:57:31.272Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-20T18:57:31.27Z", "id": "observed-data--d5803fe8-e207-4eca-919e-239181494c64", "last_observed": "2019-08-20T18:57:31.27Z", "modified": "2019-08-20T18:57:31.272Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"3464.48.1689885157\\455073494\" -childID 7 -isForBrowser -prefsHandle 6852 -prefMapHandle 5924 -prefsLen 10157 -prefMapSize 191877 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3464 \"\\\\.\\pipe\\gecko-crash-server-pipe.3464\" 5532 tab", "created": "2019-08-20T18:57:31.27Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 17732, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 3464, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "127.0.0.1" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.20" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-20T19:01:21.172Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-20T19:01:21.172Z", "id": "observed-data--2fe8daa7-94d1-4faa-aa87-363dc3a3425a", "last_observed": "2019-08-20T19:01:21.172Z", "modified": "2019-08-20T19:01:21.172Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\File\\System\\svctest.exe -k netsvcs -p -s BITS", "created": "2019-08-20T19:01:21.172Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 5692, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 916, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.2" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.10" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-20T19:01:37.798Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-20T19:01:37.798Z", "id": "observed-data--44049125-9103-48bd-9422-250f24cf55ca", "last_observed": "2019-08-20T19:01:37.798Z", "modified": "2019-08-20T19:01:37.798Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"3464.55.451209701\\614427995\" -childID 8 -isForBrowser -prefsHandle 5804 -prefMapHandle 5556 -prefsLen 10929 -prefMapSize 191877 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3464 \"\\\\.\\pipe\\gecko-crash-server-pipe.3464\" 9296 tab", "created": "2019-08-20T19:01:37.798Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 15872, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 3464, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.30" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-20T19:03:25.524Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-20T19:03:25.524Z", "id": "observed-data--ea672070-7b82-412d-a69b-37af07111330", "last_observed": "2019-08-20T19:03:25.524Z", "modified": "2019-08-20T19:03:25.524Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"3464.62.1359016828\\1829598521\" -childID 9 -isForBrowser -prefsHandle 6800 -prefMapHandle 6032 -prefsLen 10995 -prefMapSize 191877 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3464 \"\\\\.\\pipe\\gecko-crash-server-pipe.3464\" 7704 tab", "created": "2019-08-20T19:03:25.524Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8672, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 3464, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.30" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-20T19:05:52.771Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-20T19:05:52.771Z", "id": "observed-data--51776bb7-eb59-4b44-9f15-5135393e47f6", "last_observed": "2019-08-20T19:05:52.771Z", "modified": "2019-08-20T19:05:52.771Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"3464.69.1509494980\\1887497192\" -childID 10 -isForBrowser -prefsHandle 5520 -prefMapHandle 5888 -prefsLen 11039 -prefMapSize 191877 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3464 \"\\\\.\\pipe\\gecko-crash-server-pipe.3464\" 6324 tab", "created": "2019-08-20T19:05:52.771Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 17004, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 3464, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.30" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-20T19:06:23.987Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-20T19:06:23.987Z", "id": "observed-data--70154370-2023-4eff-bc3e-d1d8ff4173a4", "last_observed": "2019-08-20T19:06:23.987Z", "modified": "2019-08-20T19:06:23.987Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "a57597c876be7215007dc60c1128704e" }, "name": "firefox.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"3464.76.1312397567\\1257583494\" -childID 11 -isForBrowser -prefsHandle 6848 -prefMapHandle 5740 -prefsLen 11062 -prefMapSize 191877 -parentBuildID 20190717172542 -greomni \"C:\\Program Files\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files\\Mozilla Firefox\\browser\" - 3464 \"\\\\.\\pipe\\gecko-crash-server-pipe.3464\" 7148 tab", "created": "2019-08-20T19:06:23.987Z", "creator_user_ref": "8", "name": "firefox.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 1264, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "firefox.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "firefox.exe", "pid": 3464, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.8" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.30" }, "8": { "type": "user-account", "user_id": "Local-User" } }, "type": "observed-data" }, { "created": "2019-08-20T19:51:17.684Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-20T19:51:17.684Z", "id": "observed-data--87b274bc-358a-4a45-bb92-9471b9564416", "last_observed": "2019-08-20T19:51:17.684Z", "modified": "2019-08-20T19:51:17.684Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\File\\System\\svctest.exe -k netsvcs -p -s BITS", "created": "2019-08-20T19:51:17.684Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 7908, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 916, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.2" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.10" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" }, { "created": "2019-08-20T21:57:01.022Z", "created_by_ref": "identity--8899d562-2667-4532-8e19-b4eca6c959bd", "first_observed": "2019-08-20T21:57:01.022Z", "id": "observed-data--b7767318-6cca-4cf8-9280-826ed5f31719", "last_observed": "2019-08-20T21:57:01.022Z", "modified": "2019-08-20T21:57:01.022Z", "number_observed": 1, "objects": { "0": { "hashes": { "MD5": "8a0a29438052faed8a2532da50455756" }, "name": "svctest.exe", "type": "file" }, "1": { "binary_ref": "0", "command_line": "C:\\File\\System\\svctest.exe -k netsvcs -p -s BITS", "created": "2019-08-20T21:57:01.022Z", "creator_user_ref": "8", "name": "svctest.exe", "opened_connection_refs": [ "6" ], "parent_ref": "3", "pid": 8636, "type": "process" }, "2": { "hashes": { "MD5": "00000000000000000000000000000000" }, "name": "services.exe", "type": "file" }, "3": { "binary_ref": "2", "name": "services.exe", "pid": 916, "type": "process" }, "4": { "type": "domain-name", "value": "test" }, "5": { "type": "ipv4-addr", "value": "192.168.0.2" }, "6": { "dst_ref": "5", "src_ref": "7", "type": "network-traffic", "protocols": [ "tcp" ] }, "7": { "type": "ipv4-addr", "value": "192.168.0.10" }, "8": { "type": "user-account", "user_id": "SYSTEM" } }, "type": "observed-data" } ], "type": "bundle" }