Under Review

listening_ports

listening_ports lists processes with listening ports

SCHEMA

address string IPv4 address target
name string Name of the process
path string Full path to the process
pid long Process (or thread) ID
port int

Transport layer port

Query

-- listening_ports INFO
SELECT 
   -- Device ID DETAILS
   meta_hostname, meta_ip_address, 

   -- Query Details
   query_name, address, name, path, pid, port,

   -- Decoration 
   meta_boot_time, meta_eid, meta_endpoint_type, 
   meta_ip_mask, meta_mac_address, meta_os_name, meta_os_platform, meta_os_type,
   meta_os_version, meta_public_ip, meta_query_pack_version, meta_username,

   --- Generic
   calendar_time, counter, epoch, host_identifier, numerics
   osquery_action, unix_time,

   -- Data Lake
   customer_id, endpoint_id, upload_size

FROM xdr_data
WHERE query_name = 'listening_ports'

RESULTS

+-----------------+-------------------+-----------------+-----------------+------------------+-------------------------------------------------------------------+-------+--------+------------------+--------------------------------------+----------------------+----------------+--------------------+------------------------------+--------------------+----------------+-------------------+------------------+---------------------------+-----------------+----------------------+-----------+------------+-------------------+------------------+----------------------+--------------------------------------+--------------------------------------+---------------+
| meta_hostname   | meta_ip_address   | query_name      | address         | name             | path                                                              |   pid |   port |   meta_boot_time | meta_eid                             | meta_endpoint_type   | meta_ip_mask   | meta_mac_address   | meta_os_name                 | meta_os_platform   | meta_os_type   | meta_os_version   | meta_public_ip   | meta_query_pack_version   | meta_username   | calendar_time        |   counter |      epoch | host_identifier   | osquery_action   | unix_time            | customer_id                          | endpoint_id                          |   upload_size |
|-----------------+-------------------+-----------------+-----------------+------------------+-------------------------------------------------------------------+-------+--------+------------------+--------------------------------------+----------------------+----------------+--------------------+------------------------------+--------------------+----------------+-------------------+------------------+---------------------------+-----------------+----------------------+-----------+------------+-------------------+------------------+----------------------+--------------------------------------+--------------------------------------+---------------|
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  51695 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T18:52:17Z |        65 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T18:52:17Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  51738 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T18:52:17Z |        65 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T18:52:17Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  51774 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T18:52:17Z |        65 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T18:52:17Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| Victim4-Win10   | 192.168.100.162   | listening_ports | ::1             | [System Process] |                                                                   |     0 |  63508 |       1601910644 | 2fd10d5e-3267-4476-aa1c-182846a3eac0 | computer             | 255.255.255.0  | 00:50:56:3c:c7:00  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.18363        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T10:13:28Z |        52 | 1602321709 | Victim4-Win10     | False            | 2020-10-12T10:13:28Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | f21dd0e5-2376-4467-aac1-8182643aae0c |           712 |
| Victim4-Win10   | 192.168.100.162   | listening_ports | ::1             | [System Process] |                                                                   |     0 |  63509 |       1601910644 | 2fd10d5e-3267-4476-aa1c-182846a3eac0 | computer             | 255.255.255.0  | 00:50:56:3c:c7:00  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.18363        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T10:13:28Z |        52 | 1602321709 | Victim4-Win10     | False            | 2020-10-12T10:13:28Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | f21dd0e5-2376-4467-aac1-8182643aae0c |           712 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  59462 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T10:43:03Z |        57 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T10:43:03Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  59842 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T10:43:03Z |        57 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T10:43:03Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  60293 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T10:43:03Z |        57 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T10:43:03Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  59231 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T04:35:53Z |        51 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T04:35:53Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  59248 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T04:35:53Z |        51 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T04:35:53Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  59274 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T04:35:53Z |        51 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T04:35:53Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  52766 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T19:53:17Z |        66 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T19:53:17Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  52795 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T19:53:17Z |        66 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T19:53:17Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  52819 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T19:53:17Z |        66 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T19:53:17Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  49936 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T12:45:02Z |        59 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T12:45:02Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  50021 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T12:45:02Z |        59 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T12:45:02Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  50083 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T12:45:02Z |        59 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T12:45:02Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  50370 |       1601472790 | eface84e-4db6-344f-a89d-90801856834f |                      | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-06T03:15:14Z |        49 | 1601772041 | DESKTOP-RB61UC8   | False            | 2020-10-06T03:15:14Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  50402 |       1601472790 | eface84e-4db6-344f-a89d-90801856834f |                      | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-06T03:15:14Z |        49 | 1601772041 | DESKTOP-RB61UC8   | False            | 2020-10-06T03:15:14Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  60105 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T05:36:54Z |        52 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T05:36:54Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  60136 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T05:36:54Z |        52 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T05:36:54Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  60170 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T05:36:54Z |        52 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T05:36:54Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  61423 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T11:44:01Z |        58 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T11:44:01Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  61454 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T11:44:01Z |        58 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T11:44:01Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  61475 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T11:44:01Z |        58 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T11:44:01Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  51391 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T13:46:03Z |        60 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T13:46:03Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  51413 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T13:46:03Z |        60 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T13:46:03Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  51446 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-12T13:46:03Z |        60 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-12T13:46:03Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  59543 |       1601472789 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-08T22:26:11Z |       114 | 1601772041 | DESKTOP-RB61UC8   | False            | 2020-10-08T22:26:11Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           787 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  59565 |       1601472789 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-08T22:26:11Z |       114 | 1601772041 | DESKTOP-RB61UC8   | False            | 2020-10-08T22:26:11Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           787 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  59585 |       1601472789 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-08T22:26:11Z |       114 | 1601772041 | DESKTOP-RB61UC8   | False            | 2020-10-08T22:26:11Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           787 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  62858 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T10:21:29Z |        33 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-11T10:21:29Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  62884 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T10:21:29Z |        33 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-11T10:21:29Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  62911 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T10:21:29Z |        33 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-11T10:21:29Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  54089 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T11:22:29Z |        34 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-11T11:22:29Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  54120 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T11:22:29Z |        34 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-11T11:22:29Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  54147 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T11:22:29Z |        34 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-11T11:22:29Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  64107 |       1601472790 | eface84e-4db6-344f-a89d-90801856834f |                      | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-06T00:12:12Z |        46 | 1601772041 | DESKTOP-RB61UC8   | False            | 2020-10-06T00:12:12Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  64129 |       1601472790 | eface84e-4db6-344f-a89d-90801856834f |                      | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-06T00:12:12Z |        46 | 1601772041 | DESKTOP-RB61UC8   | False            | 2020-10-06T00:12:12Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  64156 |       1601472790 | eface84e-4db6-344f-a89d-90801856834f |                      | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-06T00:12:12Z |        46 | 1601772041 | DESKTOP-RB61UC8   | False            | 2020-10-06T00:12:12Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| Victim4-Win10   | 192.168.100.162   | listening_ports | ::1             | [System Process] |                                                                   |     0 |  50680 |       1601910647 | 2fd10d5e-3267-4476-aa1c-182846a3eac0 |                      | 255.255.255.0  | 00:50:56:3c:c7:00  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.18363        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-06T00:36:16Z |        40 | 1601806909 | Victim4-Win10     | False            | 2020-10-06T00:36:16Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | f21dd0e5-2376-4467-aac1-8182643aae0c |           712 |
| Victim4-Win10   | 192.168.100.162   | listening_ports | ::1             | [System Process] |                                                                   |     0 |  50681 |       1601910647 | 2fd10d5e-3267-4476-aa1c-182846a3eac0 |                      | 255.255.255.0  | 00:50:56:3c:c7:00  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.18363        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-06T00:36:16Z |        40 | 1601806909 | Victim4-Win10     | False            | 2020-10-06T00:36:16Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | f21dd0e5-2376-4467-aac1-8182643aae0c |           712 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  64967 |       1601472790 | eface84e-4db6-344f-a89d-90801856834f |                      | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-06T01:13:12Z |        47 | 1601772041 | DESKTOP-RB61UC8   | False            | 2020-10-06T01:13:12Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  64992 |       1601472790 | eface84e-4db6-344f-a89d-90801856834f |                      | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-06T01:13:12Z |        47 | 1601772041 | DESKTOP-RB61UC8   | False            | 2020-10-06T01:13:12Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  60442 |       1601472790 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-06T18:36:05Z |        64 | 1601772041 | DESKTOP-RB61UC8   | False            | 2020-10-06T18:36:05Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  60675 |       1601472790 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-06T18:36:05Z |        64 | 1601772041 | DESKTOP-RB61UC8   | False            | 2020-10-06T18:36:05Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  60708 |       1601472790 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-06T18:36:05Z |        64 | 1601772041 | DESKTOP-RB61UC8   | False            | 2020-10-06T18:36:05Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  62555 |       1601472790 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-06T19:37:06Z |        65 | 1601772041 | DESKTOP-RB61UC8   | False            | 2020-10-06T19:37:06Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  62587 |       1601472790 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-06T19:37:06Z |        65 | 1601772041 | DESKTOP-RB61UC8   | False            | 2020-10-06T19:37:06Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  62615 |       1601472790 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-06T19:37:06Z |        65 | 1601772041 | DESKTOP-RB61UC8   | False            | 2020-10-06T19:37:06Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  53795 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T00:08:14Z |        23 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-11T00:08:14Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  53820 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T00:08:14Z |        23 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-11T00:08:14Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  53844 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T00:08:14Z |        23 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-11T00:08:14Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  60405 |       1601472789 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-08T23:27:12Z |       115 | 1601772041 | DESKTOP-RB61UC8   | False            | 2020-10-08T23:27:12Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           787 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  60428 |       1601472789 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-08T23:27:12Z |       115 | 1601772041 | DESKTOP-RB61UC8   | False            | 2020-10-08T23:27:12Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           787 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  60454 |       1601472789 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-08T23:27:12Z |       115 | 1601772041 | DESKTOP-RB61UC8   | False            | 2020-10-08T23:27:12Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           787 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  54623 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T01:09:14Z |        24 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-11T01:09:14Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  54654 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T01:09:14Z |        24 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-11T01:09:14Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| DESKTOP-RB61UC8 | 192.168.1.173     | listening_ports | ::1             | vmware-hostd.exe | C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe |  7424 |  54681 |       1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer             | 255.255.255.0  | 5c:ea:1d:c1:aa:55  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.19041        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T01:09:14Z |        24 | 1602286841 | DESKTOP-RB61UC8   | False            | 2020-10-11T01:09:14Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 |           786 |
| Victim4-Win10   | 192.168.100.162   | listening_ports | ::1             | [System Process] |                                                                   |     0 |  60849 |       1601910645 | 2fd10d5e-3267-4476-aa1c-182846a3eac0 | computer             | 255.255.255.0  | 00:50:56:3c:c7:00  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.18363        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T02:00:31Z |        17 | 1602321709 | Victim4-Win10     | False            | 2020-10-11T02:00:31Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | f21dd0e5-2376-4467-aac1-8182643aae0c |           712 |
| Victim4-Win10   | 192.168.100.162   | listening_ports | ::1             | [System Process] |                                                                   |     0 |  60850 |       1601910645 | 2fd10d5e-3267-4476-aa1c-182846a3eac0 | computer             | 255.255.255.0  | 00:50:56:3c:c7:00  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.18363        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T02:00:31Z |        17 | 1602321709 | Victim4-Win10     | False            | 2020-10-11T02:00:31Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | f21dd0e5-2376-4467-aac1-8182643aae0c |           712 |
| Victim1-EDR     | 192.168.100.164   | listening_ports | 0.0.0.0         | svchost.exe      | C:\Windows\System32\svchost.exe                                   |   984 |    135 |       1601905070 | 3d5d8411-6066-04f4-4872-ec787ed9b973 |                      | 255.255.255.0  | 00:50:56:25:94:3c  | Microsoft Windows 7 Ultimate | windows            | client         | 6.1.7601          | 73.69.54.187     | 1.1.12                    | test            | 2020-10-06T11:32:23Z |         0 | 1601805150 | Victim1-EDR       | False            | 2020-10-06T11:32:23Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | d3d54811-0666-404f-8427-ce87e79d9b37 |           742 |
| Victim1-EDR     | 192.168.100.164   | listening_ports | 0.0.0.0         | System           |                                                                   |     4 |    445 |       1601905070 | 3d5d8411-6066-04f4-4872-ec787ed9b973 |                      | 255.255.255.0  | 00:50:56:25:94:3c  | Microsoft Windows 7 Ultimate | windows            | client         | 6.1.7601          | 73.69.54.187     | 1.1.12                    | test            | 2020-10-06T11:32:23Z |         0 | 1601805150 | Victim1-EDR       | False            | 2020-10-06T11:32:23Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | d3d54811-0666-404f-8427-ce87e79d9b37 |           701 |
| Victim1-EDR     | 192.168.100.164   | listening_ports | 0.0.0.0         | System           |                                                                   |     4 |   5985 |       1601905070 | 3d5d8411-6066-04f4-4872-ec787ed9b973 |                      | 255.255.255.0  | 00:50:56:25:94:3c  | Microsoft Windows 7 Ultimate | windows            | client         | 6.1.7601          | 73.69.54.187     | 1.1.12                    | test            | 2020-10-06T11:32:23Z |         0 | 1601805150 | Victim1-EDR       | False            | 2020-10-06T11:32:23Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | d3d54811-0666-404f-8427-ce87e79d9b37 |           702 |
| Victim1-EDR     | 192.168.100.164   | listening_ports | 0.0.0.0         | System           |                                                                   |     4 |  47001 |       1601905070 | 3d5d8411-6066-04f4-4872-ec787ed9b973 |                      | 255.255.255.0  | 00:50:56:25:94:3c  | Microsoft Windows 7 Ultimate | windows            | client         | 6.1.7601          | 73.69.54.187     | 1.1.12                    | test            | 2020-10-06T11:32:23Z |         0 | 1601805150 | Victim1-EDR       | False            | 2020-10-06T11:32:23Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | d3d54811-0666-404f-8427-ce87e79d9b37 |           703 |
| Victim1-EDR     | 192.168.100.164   | listening_ports | 0.0.0.0         | wininit.exe      | C:\Windows\System32\wininit.exe                                   |   460 |  49152 |       1601905070 | 3d5d8411-6066-04f4-4872-ec787ed9b973 |                      | 255.255.255.0  | 00:50:56:25:94:3c  | Microsoft Windows 7 Ultimate | windows            | client         | 6.1.7601          | 73.69.54.187     | 1.1.12                    | test            | 2020-10-06T11:32:23Z |         0 | 1601805150 | Victim1-EDR       | False            | 2020-10-06T11:32:23Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | d3d54811-0666-404f-8427-ce87e79d9b37 |           744 |
| Victim1-EDR     | 192.168.100.164   | listening_ports | 0.0.0.0         | svchost.exe      | C:\Windows\System32\svchost.exe                                   |  1080 |  49153 |       1601905070 | 3d5d8411-6066-04f4-4872-ec787ed9b973 |                      | 255.255.255.0  | 00:50:56:25:94:3c  | Microsoft Windows 7 Ultimate | windows            | client         | 6.1.7601          | 73.69.54.187     | 1.1.12                    | test            | 2020-10-06T11:32:23Z |         0 | 1601805150 | Victim1-EDR       | False            | 2020-10-06T11:32:23Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | d3d54811-0666-404f-8427-ce87e79d9b37 |           745 |
| Victim1-EDR     | 192.168.100.164   | listening_ports | 0.0.0.0         | lsass.exe        | C:\Windows\System32\lsass.exe                                     |   556 |  49154 |       1601905070 | 3d5d8411-6066-04f4-4872-ec787ed9b973 |                      | 255.255.255.0  | 00:50:56:25:94:3c  | Microsoft Windows 7 Ultimate | windows            | client         | 6.1.7601          | 73.69.54.187     | 1.1.12                    | test            | 2020-10-06T11:32:23Z |         0 | 1601805150 | Victim1-EDR       | False            | 2020-10-06T11:32:23Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | d3d54811-0666-404f-8427-ce87e79d9b37 |           740 |
| Victim1-EDR     | 192.168.100.164   | listening_ports | 0.0.0.0         | svchost.exe      | C:\Windows\System32\svchost.exe                                   |  1244 |  49155 |       1601905070 | 3d5d8411-6066-04f4-4872-ec787ed9b973 |                      | 255.255.255.0  | 00:50:56:25:94:3c  | Microsoft Windows 7 Ultimate | windows            | client         | 6.1.7601          | 73.69.54.187     | 1.1.12                    | test            | 2020-10-06T11:32:23Z |         0 | 1601805150 | Victim1-EDR       | False            | 2020-10-06T11:32:23Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | d3d54811-0666-404f-8427-ce87e79d9b37 |           745 |
| Victim1-EDR     | 192.168.100.164   | listening_ports | 0.0.0.0         | services.exe     | C:\Windows\System32\services.exe                                  |   528 |  49158 |       1601905070 | 3d5d8411-6066-04f4-4872-ec787ed9b973 |                      | 255.255.255.0  | 00:50:56:25:94:3c  | Microsoft Windows 7 Ultimate | windows            | client         | 6.1.7601          | 73.69.54.187     | 1.1.12                    | test            | 2020-10-06T11:32:23Z |         0 | 1601805150 | Victim1-EDR       | False            | 2020-10-06T11:32:23Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | d3d54811-0666-404f-8427-ce87e79d9b37 |           746 |
| Victim1-EDR     | 192.168.100.164   | listening_ports | 0.0.0.0         | svchost.exe      | C:\Windows\System32\svchost.exe                                   |  4524 |  49161 |       1601905070 | 3d5d8411-6066-04f4-4872-ec787ed9b973 |                      | 255.255.255.0  | 00:50:56:25:94:3c  | Microsoft Windows 7 Ultimate | windows            | client         | 6.1.7601          | 73.69.54.187     | 1.1.12                    | test            | 2020-10-06T11:32:23Z |         0 | 1601805150 | Victim1-EDR       | False            | 2020-10-06T11:32:23Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | d3d54811-0666-404f-8427-ce87e79d9b37 |           745 |
| Victim1-EDR     | 192.168.100.164   | listening_ports | 192.168.100.164 | System           |                                                                   |     4 |    139 |       1601905070 | 3d5d8411-6066-04f4-4872-ec787ed9b973 |                      | 255.255.255.0  | 00:50:56:25:94:3c  | Microsoft Windows 7 Ultimate | windows            | client         | 6.1.7601          | 73.69.54.187     | 1.1.12                    | test            | 2020-10-06T11:32:23Z |         0 | 1601805150 | Victim1-EDR       | False            | 2020-10-06T11:32:23Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | d3d54811-0666-404f-8427-ce87e79d9b37 |           709 |
| Victim1-EDR     | 192.168.100.164   | listening_ports | ::              | svchost.exe      | C:\Windows\System32\svchost.exe                                   |   984 |    135 |       1601905070 | 3d5d8411-6066-04f4-4872-ec787ed9b973 |                      | 255.255.255.0  | 00:50:56:25:94:3c  | Microsoft Windows 7 Ultimate | windows            | client         | 6.1.7601          | 73.69.54.187     | 1.1.12                    | test            | 2020-10-06T11:32:23Z |         0 | 1601805150 | Victim1-EDR       | False            | 2020-10-06T11:32:23Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | d3d54811-0666-404f-8427-ce87e79d9b37 |           737 |
| Victim1-EDR     | 192.168.100.164   | listening_ports | ::              | System           |                                                                   |     4 |    445 |       1601905070 | 3d5d8411-6066-04f4-4872-ec787ed9b973 |                      | 255.255.255.0  | 00:50:56:25:94:3c  | Microsoft Windows 7 Ultimate | windows            | client         | 6.1.7601          | 73.69.54.187     | 1.1.12                    | test            | 2020-10-06T11:32:23Z |         0 | 1601805150 | Victim1-EDR       | False            | 2020-10-06T11:32:23Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | d3d54811-0666-404f-8427-ce87e79d9b37 |           696 |
| Victim1-EDR     | 192.168.100.164   | listening_ports | ::              | System           |                                                                   |     4 |   5985 |       1601905070 | 3d5d8411-6066-04f4-4872-ec787ed9b973 |                      | 255.255.255.0  | 00:50:56:25:94:3c  | Microsoft Windows 7 Ultimate | windows            | client         | 6.1.7601          | 73.69.54.187     | 1.1.12                    | test            | 2020-10-06T11:32:23Z |         0 | 1601805150 | Victim1-EDR       | False            | 2020-10-06T11:32:23Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | d3d54811-0666-404f-8427-ce87e79d9b37 |           697 |
| Victim1-EDR     | 192.168.100.164   | listening_ports | ::              | System           |                                                                   |     4 |  47001 |       1601905070 | 3d5d8411-6066-04f4-4872-ec787ed9b973 |                      | 255.255.255.0  | 00:50:56:25:94:3c  | Microsoft Windows 7 Ultimate | windows            | client         | 6.1.7601          | 73.69.54.187     | 1.1.12                    | test            | 2020-10-06T11:32:23Z |         0 | 1601805150 | Victim1-EDR       | False            | 2020-10-06T11:32:23Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | d3d54811-0666-404f-8427-ce87e79d9b37 |           698 |
| Victim1-EDR     | 192.168.100.164   | listening_ports | ::              | wininit.exe      | C:\Windows\System32\wininit.exe                                   |   460 |  49152 |       1601905070 | 3d5d8411-6066-04f4-4872-ec787ed9b973 |                      | 255.255.255.0  | 00:50:56:25:94:3c  | Microsoft Windows 7 Ultimate | windows            | client         | 6.1.7601          | 73.69.54.187     | 1.1.12                    | test            | 2020-10-06T11:32:23Z |         0 | 1601805150 | Victim1-EDR       | False            | 2020-10-06T11:32:23Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | d3d54811-0666-404f-8427-ce87e79d9b37 |           739 |
| Victim1-EDR     | 192.168.100.164   | listening_ports | ::              | svchost.exe      | C:\Windows\System32\svchost.exe                                   |  1080 |  49153 |       1601905070 | 3d5d8411-6066-04f4-4872-ec787ed9b973 |                      | 255.255.255.0  | 00:50:56:25:94:3c  | Microsoft Windows 7 Ultimate | windows            | client         | 6.1.7601          | 73.69.54.187     | 1.1.12                    | test            | 2020-10-06T11:32:23Z |         0 | 1601805150 | Victim1-EDR       | False            | 2020-10-06T11:32:23Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | d3d54811-0666-404f-8427-ce87e79d9b37 |           740 |

Karl_Ackerman
Unfiltered HTML