Date and Time,timestamp,Event ID,Account Name,Account Domain,Logon Type,Logon Process,Source IP,Workstation Name,Computer Name,Channel,Original Event Log 2020-09-15T23:32:10.232423+04:00,1600198330.232423,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768628 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x32a0d3 3 Kerberos Kerberos - 6747BCF0-DBAA-F21C-878B-EB339B03FA80 - - 0 0x0 - ::1 50441 %%1840 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:34.957514+04:00,1600198294.957514,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768627 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x329baa 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50443 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:31.097681+04:00,1600198291.097681,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768622 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x320935 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50438 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:04.688967+04:00,1600198264.688967,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768621 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x31ff89 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 172.16.66.37 49707 %%1833 - - - %%1843 0x0 %%1843 " 2020-09-15T23:30:32.190369+04:00,1600198232.190369,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768620 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x31ff6e 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 172.16.66.37 49707 %%1833 - - - %%1843 0x0 %%1843 " 2020-09-15T23:29:51.517594+04:00,1600198191.517594,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768619 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x31fb1a 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50437 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:29:51.507713+04:00,1600198191.507713,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768618 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x31daf6 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50436 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:32:10.232423+04:00,1600198330.232423,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768628 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x32a0d3 3 Kerberos Kerberos - 6747BCF0-DBAA-F21C-878B-EB339B03FA80 - - 0 0x0 - ::1 50441 %%1840 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:34.957514+04:00,1600198294.957514,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768627 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x329baa 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50443 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:31.097681+04:00,1600198291.097681,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768622 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x320935 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50438 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:04.688967+04:00,1600198264.688967,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768621 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x31ff89 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 172.16.66.37 49707 %%1833 - - - %%1843 0x0 %%1843 " 2020-09-15T23:30:32.190369+04:00,1600198232.190369,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768620 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x31ff6e 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 172.16.66.37 49707 %%1833 - - - %%1843 0x0 %%1843 " 2020-09-15T23:29:51.517594+04:00,1600198191.517594,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768619 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x31fb1a 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50437 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:29:51.507713+04:00,1600198191.507713,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768618 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x31daf6 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50436 %%1833 - - - %%1843 0x0 %%1842 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137225 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x1cd964 2 Chrome Negotiate MSEDGEWIN10 00000000-0000-0000-0000-000000000000 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - %%1833 - - - %%1843 0x1cd8f6 %%1843 " 2020-09-09T17:18:27.714758+04:00,1599657507.714758,4624,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137224 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x1cd8f6 2 Chrome Negotiate MSEDGEWIN10 00000000-0000-0000-0000-000000000000 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - %%1833 - - - %%1843 0x1cd964 %%1842 " 2020-09-09T17:18:27.714613+04:00,1599657507.714613,4624,SYSTEM,NT AUTHORITY,5,Advapi,-,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137223 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 5 Advapi Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x25c C:\Windows\System32\services.exe - - %%1833 - - - %%1843 0x0 %%1842 " 2020-09-09T17:18:25.377120+04:00,1599657505.37712,4625,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4625 0 0 12544 0 0x8010000000000000 137222 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-0-0 IEUser MSEDGEWIN10 0xc000006d %%2313 0xc000006a 2 Chrome Negotiate MSEDGEWIN10 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 769798 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x85516e 3 Kerberos Kerberos - 063B0961-D1B7-6D2C-1FF3-98764C4FAC9D - - 0 0x0 - ::1 53668 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-17T14:57:44.272505+04:00,1600340264.272505,4624,Administrator,3B,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 769794 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-500 Administrator 3B 0x853237 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.37 49959 %%1833 - - - %%1843 0x0 %%1842 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 769798 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x85516e 3 Kerberos Kerberos - 063B0961-D1B7-6D2C-1FF3-98764C4FAC9D - - 0 0x0 - ::1 53668 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-17T14:57:44.272505+04:00,1600340264.272505,4624,Administrator,3B,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 769794 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-500 Administrator 3B 0x853237 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.37 49959 %%1833 - - - %%1843 0x0 %%1842 " 2021-12-07T21:33:01.619364+04:00,1638898381.619364,4624,IEUser,MSEDGEWIN10,9,seclogo,::1,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 329918 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x53ca2 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 9 seclogo Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x1bc4 C:\Windows\System32\svchost.exe ::1 0 %%1833 - MalseclogonUser MalseclogonDomain %%1843 0x0 %%1842 " 2020-09-15T23:32:10.232423+04:00,1600198330.232423,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768628 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x32a0d3 3 Kerberos Kerberos - 6747BCF0-DBAA-F21C-878B-EB339B03FA80 - - 0 0x0 - ::1 50441 %%1840 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:34.957514+04:00,1600198294.957514,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768627 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x329baa 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50443 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:31.097681+04:00,1600198291.097681,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768622 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x320935 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50438 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:04.688967+04:00,1600198264.688967,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768621 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x31ff89 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 172.16.66.37 49707 %%1833 - - - %%1843 0x0 %%1843 " 2020-09-15T23:30:32.190369+04:00,1600198232.190369,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768620 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x31ff6e 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 172.16.66.37 49707 %%1833 - - - %%1843 0x0 %%1843 " 2020-09-15T23:29:51.517594+04:00,1600198191.517594,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768619 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x31fb1a 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50437 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:29:51.507713+04:00,1600198191.507713,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768618 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x31daf6 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50436 %%1833 - - - %%1843 0x0 %%1842 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137225 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x1cd964 2 Chrome Negotiate MSEDGEWIN10 00000000-0000-0000-0000-000000000000 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - %%1833 - - - %%1843 0x1cd8f6 %%1843 " 2020-09-09T17:18:27.714758+04:00,1599657507.714758,4624,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137224 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x1cd8f6 2 Chrome Negotiate MSEDGEWIN10 00000000-0000-0000-0000-000000000000 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - %%1833 - - - %%1843 0x1cd964 %%1842 " 2020-09-09T17:18:27.714613+04:00,1599657507.714613,4624,SYSTEM,NT AUTHORITY,5,Advapi,-,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137223 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 5 Advapi Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x25c C:\Windows\System32\services.exe - - %%1833 - - - %%1843 0x0 %%1842 " 2020-09-09T17:18:25.377120+04:00,1599657505.37712,4625,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4625 0 0 12544 0 0x8010000000000000 137222 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-0-0 IEUser MSEDGEWIN10 0xc000006d %%2313 0xc000006a 2 Chrome Negotiate MSEDGEWIN10 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - " 2022-02-16T14:37:25.097894+04:00,1645007845.097894,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988550 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x568d99 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64229 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:22.920925+04:00,1645007842.920925,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988547 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x56874b 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64227 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:22.906213+04:00,1645007842.906213,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988544 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x5686d9 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64226 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:20.521180+04:00,1645007840.52118,4624,samir,3B,3,NtLmSsp,-,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988535 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-220106 samir 3B 0x567758 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - - - %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:20.450532+04:00,1645007840.450532,4624,samir,3B,3,NtLmSsp,172.16.66.25,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988529 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-220106 samir 3B 0x567515 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.25 50251 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:19.725428+04:00,1645007839.725428,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988525 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x56738f 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64223 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:19.637257+04:00,1645007839.637257,4624,02694W-WIN10$,THREEBEESCO.COM,3,Kerberos,172.16.66.25,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988522 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-84104 02694W-WIN10$ THREEBEESCO.COM 0x567343 3 Kerberos Kerberos - 429CA5A3-EDFC-5657-17C3-C050C7B047F4 - - 0 0x0 - 172.16.66.25 50250 %%1840 - - - %%1843 0x0 %%1842 " 2021-12-07T21:33:01.619364+04:00,1638898381.619364,4624,IEUser,MSEDGEWIN10,9,seclogo,::1,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 329918 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x53ca2 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 9 seclogo Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x1bc4 C:\Windows\System32\svchost.exe ::1 0 %%1833 - MalseclogonUser MalseclogonDomain %%1843 0x0 %%1842 " 2021-12-07T21:33:01.619364+04:00,1638898381.619364,4624,IEUser,MSEDGEWIN10,9,seclogo,::1,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 329918 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x53ca2 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 9 seclogo Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x1bc4 C:\Windows\System32\svchost.exe ::1 0 %%1833 - MalseclogonUser MalseclogonDomain %%1843 0x0 %%1842 " 2020-09-15T23:32:10.232423+04:00,1600198330.232423,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768628 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x32a0d3 3 Kerberos Kerberos - 6747BCF0-DBAA-F21C-878B-EB339B03FA80 - - 0 0x0 - ::1 50441 %%1840 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:34.957514+04:00,1600198294.957514,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768627 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x329baa 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50443 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:31.097681+04:00,1600198291.097681,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768622 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x320935 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50438 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:04.688967+04:00,1600198264.688967,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768621 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x31ff89 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 172.16.66.37 49707 %%1833 - - - %%1843 0x0 %%1843 " 2020-09-15T23:30:32.190369+04:00,1600198232.190369,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768620 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x31ff6e 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 172.16.66.37 49707 %%1833 - - - %%1843 0x0 %%1843 " 2020-09-15T23:29:51.517594+04:00,1600198191.517594,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768619 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x31fb1a 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50437 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:29:51.507713+04:00,1600198191.507713,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768618 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x31daf6 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50436 %%1833 - - - %%1843 0x0 %%1842 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137225 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x1cd964 2 Chrome Negotiate MSEDGEWIN10 00000000-0000-0000-0000-000000000000 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - %%1833 - - - %%1843 0x1cd8f6 %%1843 " 2020-09-09T17:18:27.714758+04:00,1599657507.714758,4624,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137224 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x1cd8f6 2 Chrome Negotiate MSEDGEWIN10 00000000-0000-0000-0000-000000000000 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - %%1833 - - - %%1843 0x1cd964 %%1842 " 2020-09-09T17:18:27.714613+04:00,1599657507.714613,4624,SYSTEM,NT AUTHORITY,5,Advapi,-,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137223 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 5 Advapi Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x25c C:\Windows\System32\services.exe - - %%1833 - - - %%1843 0x0 %%1842 " 2020-09-09T17:18:25.377120+04:00,1599657505.37712,4625,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4625 0 0 12544 0 0x8010000000000000 137222 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-0-0 IEUser MSEDGEWIN10 0xc000006d %%2313 0xc000006a 2 Chrome Negotiate MSEDGEWIN10 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - " 2022-02-16T14:37:25.097894+04:00,1645007845.097894,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988550 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x568d99 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64229 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:22.920925+04:00,1645007842.920925,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988547 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x56874b 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64227 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:22.906213+04:00,1645007842.906213,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988544 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x5686d9 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64226 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:20.521180+04:00,1645007840.52118,4624,samir,3B,3,NtLmSsp,-,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988535 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-220106 samir 3B 0x567758 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - - - %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:20.450532+04:00,1645007840.450532,4624,samir,3B,3,NtLmSsp,172.16.66.25,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988529 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-220106 samir 3B 0x567515 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.25 50251 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:19.725428+04:00,1645007839.725428,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988525 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x56738f 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64223 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:19.637257+04:00,1645007839.637257,4624,02694W-WIN10$,THREEBEESCO.COM,3,Kerberos,172.16.66.25,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988522 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-84104 02694W-WIN10$ THREEBEESCO.COM 0x567343 3 Kerberos Kerberos - 429CA5A3-EDFC-5657-17C3-C050C7B047F4 - - 0 0x0 - 172.16.66.25 50250 %%1840 - - - %%1843 0x0 %%1842 " 2020-09-23T20:50:17.200140+04:00,1600879817.20014,4624,Administrator,3B,3,NtLmSsp,172.16.66.37,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 772611 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-500 Administrator 3B 0x1137987 3 NtLmSsp NTLM - 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.37 50107 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-23T20:50:17.194314+04:00,1600879817.194314,4624,SYSTEM,NT AUTHORITY,5,Advapi,-,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 772609 Security 01566s-win16-ir.threebeesco.com S-1-5-18 01566S-WIN16-IR$ 3B 0x3e7 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 5 Advapi Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x244 C:\Windows\System32\services.exe - - %%1833 - - - %%1843 0x0 %%1842 " 2020-09-23T20:50:16.702981+04:00,1600879816.702981,4624,Administrator,3B,3,NtLmSsp,172.16.66.37,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 772607 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-500 Administrator 3B 0x1136e95 3 NtLmSsp NTLM - 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.37 50106 %%1833 - - - %%1843 0x0 %%1842 " 2021-12-07T21:33:01.619364+04:00,1638898381.619364,4624,IEUser,MSEDGEWIN10,9,seclogo,::1,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 329918 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x53ca2 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 9 seclogo Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x1bc4 C:\Windows\System32\svchost.exe ::1 0 %%1833 - MalseclogonUser MalseclogonDomain %%1843 0x0 %%1842 " 2020-09-15T23:32:10.232423+04:00,1600198330.232423,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768628 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x32a0d3 3 Kerberos Kerberos - 6747BCF0-DBAA-F21C-878B-EB339B03FA80 - - 0 0x0 - ::1 50441 %%1840 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:34.957514+04:00,1600198294.957514,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768627 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x329baa 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50443 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:31.097681+04:00,1600198291.097681,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768622 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x320935 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50438 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:04.688967+04:00,1600198264.688967,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768621 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x31ff89 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 172.16.66.37 49707 %%1833 - - - %%1843 0x0 %%1843 " 2020-09-15T23:30:32.190369+04:00,1600198232.190369,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768620 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x31ff6e 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 172.16.66.37 49707 %%1833 - - - %%1843 0x0 %%1843 " 2020-09-15T23:29:51.517594+04:00,1600198191.517594,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768619 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x31fb1a 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50437 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:29:51.507713+04:00,1600198191.507713,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768618 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x31daf6 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50436 %%1833 - - - %%1843 0x0 %%1842 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137225 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x1cd964 2 Chrome Negotiate MSEDGEWIN10 00000000-0000-0000-0000-000000000000 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - %%1833 - - - %%1843 0x1cd8f6 %%1843 " 2020-09-09T17:18:27.714758+04:00,1599657507.714758,4624,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137224 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x1cd8f6 2 Chrome Negotiate MSEDGEWIN10 00000000-0000-0000-0000-000000000000 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - %%1833 - - - %%1843 0x1cd964 %%1842 " 2020-09-09T17:18:27.714613+04:00,1599657507.714613,4624,SYSTEM,NT AUTHORITY,5,Advapi,-,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137223 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 5 Advapi Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x25c C:\Windows\System32\services.exe - - %%1833 - - - %%1843 0x0 %%1842 " 2020-09-09T17:18:25.377120+04:00,1599657505.37712,4625,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4625 0 0 12544 0 0x8010000000000000 137222 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-0-0 IEUser MSEDGEWIN10 0xc000006d %%2313 0xc000006a 2 Chrome Negotiate MSEDGEWIN10 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - " 2022-02-16T14:37:25.097894+04:00,1645007845.097894,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988550 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x568d99 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64229 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:22.920925+04:00,1645007842.920925,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988547 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x56874b 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64227 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:22.906213+04:00,1645007842.906213,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988544 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x5686d9 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64226 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:20.521180+04:00,1645007840.52118,4624,samir,3B,3,NtLmSsp,-,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988535 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-220106 samir 3B 0x567758 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - - - %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:20.450532+04:00,1645007840.450532,4624,samir,3B,3,NtLmSsp,172.16.66.25,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988529 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-220106 samir 3B 0x567515 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.25 50251 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:19.725428+04:00,1645007839.725428,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988525 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x56738f 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64223 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:19.637257+04:00,1645007839.637257,4624,02694W-WIN10$,THREEBEESCO.COM,3,Kerberos,172.16.66.25,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988522 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-84104 02694W-WIN10$ THREEBEESCO.COM 0x567343 3 Kerberos Kerberos - 429CA5A3-EDFC-5657-17C3-C050C7B047F4 - - 0 0x0 - 172.16.66.25 50250 %%1840 - - - %%1843 0x0 %%1842 " 2020-09-23T20:50:17.200140+04:00,1600879817.20014,4624,Administrator,3B,3,NtLmSsp,172.16.66.37,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 772611 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-500 Administrator 3B 0x1137987 3 NtLmSsp NTLM - 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.37 50107 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-23T20:50:17.194314+04:00,1600879817.194314,4624,SYSTEM,NT AUTHORITY,5,Advapi,-,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 772609 Security 01566s-win16-ir.threebeesco.com S-1-5-18 01566S-WIN16-IR$ 3B 0x3e7 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 5 Advapi Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x244 C:\Windows\System32\services.exe - - %%1833 - - - %%1843 0x0 %%1842 " 2020-09-23T20:50:16.702981+04:00,1600879816.702981,4624,Administrator,3B,3,NtLmSsp,172.16.66.37,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 772607 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-500 Administrator 3B 0x1136e95 3 NtLmSsp NTLM - 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.37 50106 %%1833 - - - %%1843 0x0 %%1842 " 2021-12-07T21:33:01.619364+04:00,1638898381.619364,4624,IEUser,MSEDGEWIN10,9,seclogo,::1,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 329918 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x53ca2 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 9 seclogo Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x1bc4 C:\Windows\System32\svchost.exe ::1 0 %%1833 - MalseclogonUser MalseclogonDomain %%1843 0x0 %%1842 " 2021-12-07T21:33:01.619364+04:00,1638898381.619364,4624,IEUser,MSEDGEWIN10,9,seclogo,::1,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 329918 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x53ca2 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 9 seclogo Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x1bc4 C:\Windows\System32\svchost.exe ::1 0 %%1833 - MalseclogonUser MalseclogonDomain %%1843 0x0 %%1842 " 2019-02-02T13:17:27.629413+04:00,1549099047.629413,4624,ICORP-DC$,INTERNAL.CORP,3,Kerberos,::1,-,ICORP-DC.internal.corp,Security," 4624 2 0 12544 0 0x8020000000000000 65971 Security ICORP-DC.internal.corp S-1-0-0 - - 0x0 S-1-5-18 ICORP-DC$ INTERNAL.CORP 0x24db24 3 Kerberos Kerberos - 5A66FDFF-B4E8-5133-53A9-72A5DE1C31FB - - 0 0x0 - ::1 50152 %%1840 - - - %%1843 0x0 %%1842 " 2019-02-02T13:17:23.193671+04:00,1549099043.193671,4624,EXCHANGE$,ICORP,3,NtLmSsp,192.168.111.87,EXCHANGE,ICORP-DC.internal.corp,Security," 4624 2 0 12544 0 0x8020000000000000 65969 Security ICORP-DC.internal.corp S-1-0-0 - - 0x0 S-1-5-21-2895268558-4179327395-2773671012-1108 EXCHANGE$ ICORP 0x24daa6 3 NtLmSsp NTLM EXCHANGE 00000000-0000-0000-0000-000000000000 - NTLM V2 0 0x0 - 192.168.111.87 58128 %%1833 - - - %%1843 0x0 %%1842 " 2019-02-02T13:17:22.562534+04:00,1549099042.562534,4624,ICORP-DC$,INTERNAL.CORP,3,Kerberos,127.0.0.1,-,ICORP-DC.internal.corp,Security," 4624 2 0 12544 0 0x8020000000000000 65967 Security ICORP-DC.internal.corp S-1-0-0 - - 0x0 S-1-5-18 ICORP-DC$ INTERNAL.CORP 0x24c879 3 Kerberos Kerberos - 94BA67EA-8490-3C86-6DB7-DF74C9AA4449 - - 0 0x0 - 127.0.0.1 50151 %%1833 - - - %%1843 0x0 %%1842 " 2019-02-02T13:17:27.629413+04:00,1549099047.629413,4624,ICORP-DC$,INTERNAL.CORP,3,Kerberos,::1,-,ICORP-DC.internal.corp,Security," 4624 2 0 12544 0 0x8020000000000000 65971 Security ICORP-DC.internal.corp S-1-0-0 - - 0x0 S-1-5-18 ICORP-DC$ INTERNAL.CORP 0x24db24 3 Kerberos Kerberos - 5A66FDFF-B4E8-5133-53A9-72A5DE1C31FB - - 0 0x0 - ::1 50152 %%1840 - - - %%1843 0x0 %%1842 " 2019-02-02T13:17:23.193671+04:00,1549099043.193671,4624,EXCHANGE$,ICORP,3,NtLmSsp,192.168.111.87,EXCHANGE,ICORP-DC.internal.corp,Security," 4624 2 0 12544 0 0x8020000000000000 65969 Security ICORP-DC.internal.corp S-1-0-0 - - 0x0 S-1-5-21-2895268558-4179327395-2773671012-1108 EXCHANGE$ ICORP 0x24daa6 3 NtLmSsp NTLM EXCHANGE 00000000-0000-0000-0000-000000000000 - NTLM V2 0 0x0 - 192.168.111.87 58128 %%1833 - - - %%1843 0x0 %%1842 " 2019-02-02T13:17:22.562534+04:00,1549099042.562534,4624,ICORP-DC$,INTERNAL.CORP,3,Kerberos,127.0.0.1,-,ICORP-DC.internal.corp,Security," 4624 2 0 12544 0 0x8020000000000000 65967 Security ICORP-DC.internal.corp S-1-0-0 - - 0x0 S-1-5-18 ICORP-DC$ INTERNAL.CORP 0x24c879 3 Kerberos Kerberos - 94BA67EA-8490-3C86-6DB7-DF74C9AA4449 - - 0 0x0 - 127.0.0.1 50151 %%1833 - - - %%1843 0x0 %%1842 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,IEUser,MSEDGEWIN10,9,seclogo,::1,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 10113 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x2e4ce S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x38f87e 9 seclogo Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x1b90 C:\Windows\System32\svchost.exe ::1 0 %%1833 - l o %%1843 0x0 %%1843 " 2021-12-07T21:33:01.619364+04:00,1638898381.619364,4624,IEUser,MSEDGEWIN10,9,seclogo,::1,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 329918 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x53ca2 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 9 seclogo Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x1bc4 C:\Windows\System32\svchost.exe ::1 0 %%1833 - MalseclogonUser MalseclogonDomain %%1843 0x0 %%1842 " 2022-05-01T08:42:00.800072+04:00,1651380120.800072,4624,Administrator,WINLAB.LOCAL,3,Kerberos,192.168.1.219,-,wind10.winlab.local,Security," 4624 2 0 12544 0 0x8020000000000000 21373 Security wind10.winlab.local S-1-0-0 - - 0x0 S-1-5-21-81107902-1099128984-1836738286-500 Administrator WINLAB.LOCAL 0x82215a 3 Kerberos Kerberos - 59CEFB69-4F9D-7486-C449-471E00B814E3 - - 0 0x0 - 192.168.1.219 63652 %%1833 - - - %%1843 0x0 %%1842 " 2022-05-01T08:41:54.272334+04:00,1651380114.272334,4624,Administrator,WINLAB.LOCAL,3,Kerberos,192.168.1.219,-,wind10.winlab.local,Security," 4624 2 0 12544 0 0x8020000000000000 21371 Security wind10.winlab.local S-1-0-0 - - 0x0 S-1-5-21-81107902-1099128984-1836738286-500 Administrator WINLAB.LOCAL 0x821f28 3 Kerberos Kerberos - 59CEFB69-4F9D-7486-C449-471E00B814E3 - - 0 0x0 - 192.168.1.219 63652 %%1833 - - - %%1843 0x0 %%1842 " 2022-05-01T08:41:47.653255+04:00,1651380107.653255,4624,Administrator,WINLAB.LOCAL,3,Kerberos,192.168.1.219,-,wind10.winlab.local,Security," 4624 2 0 12544 0 0x8020000000000000 21369 Security wind10.winlab.local S-1-0-0 - - 0x0 S-1-5-21-81107902-1099128984-1836738286-500 Administrator WINLAB.LOCAL 0x821aab 3 Kerberos Kerberos - 59CEFB69-4F9D-7486-C449-471E00B814E3 - - 0 0x0 - 192.168.1.219 63652 %%1833 - - - %%1843 0x0 %%1842 " 2022-05-01T08:41:37.642369+04:00,1651380097.642369,4624,Administrator,WINLAB.LOCAL,3,Kerberos,192.168.1.219,-,wind10.winlab.local,Security," 4624 2 0 12544 0 0x8020000000000000 21367 Security wind10.winlab.local S-1-0-0 - - 0x0 S-1-5-21-81107902-1099128984-1836738286-500 Administrator WINLAB.LOCAL 0x820d61 3 Kerberos Kerberos - 59CEFB69-4F9D-7486-C449-471E00B814E3 - - 0 0x0 - 192.168.1.219 63640 %%1833 - - - %%1843 0x0 %%1842 " 2019-02-02T13:17:27.629413+04:00,1549099047.629413,4624,ICORP-DC$,INTERNAL.CORP,3,Kerberos,::1,-,ICORP-DC.internal.corp,Security," 4624 2 0 12544 0 0x8020000000000000 65971 Security ICORP-DC.internal.corp S-1-0-0 - - 0x0 S-1-5-18 ICORP-DC$ INTERNAL.CORP 0x24db24 3 Kerberos Kerberos - 5A66FDFF-B4E8-5133-53A9-72A5DE1C31FB - - 0 0x0 - ::1 50152 %%1840 - - - %%1843 0x0 %%1842 " 2019-02-02T13:17:23.193671+04:00,1549099043.193671,4624,EXCHANGE$,ICORP,3,NtLmSsp,192.168.111.87,EXCHANGE,ICORP-DC.internal.corp,Security," 4624 2 0 12544 0 0x8020000000000000 65969 Security ICORP-DC.internal.corp S-1-0-0 - - 0x0 S-1-5-21-2895268558-4179327395-2773671012-1108 EXCHANGE$ ICORP 0x24daa6 3 NtLmSsp NTLM EXCHANGE 00000000-0000-0000-0000-000000000000 - NTLM V2 0 0x0 - 192.168.111.87 58128 %%1833 - - - %%1843 0x0 %%1842 " 2019-02-02T13:17:22.562534+04:00,1549099042.562534,4624,ICORP-DC$,INTERNAL.CORP,3,Kerberos,127.0.0.1,-,ICORP-DC.internal.corp,Security," 4624 2 0 12544 0 0x8020000000000000 65967 Security ICORP-DC.internal.corp S-1-0-0 - - 0x0 S-1-5-18 ICORP-DC$ INTERNAL.CORP 0x24c879 3 Kerberos Kerberos - 94BA67EA-8490-3C86-6DB7-DF74C9AA4449 - - 0 0x0 - 127.0.0.1 50151 %%1833 - - - %%1843 0x0 %%1842 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,IEUser,MSEDGEWIN10,9,seclogo,::1,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 10113 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x2e4ce S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x38f87e 9 seclogo Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x1b90 C:\Windows\System32\svchost.exe ::1 0 %%1833 - l o %%1843 0x0 %%1843 " 2021-12-07T21:33:01.619364+04:00,1638898381.619364,4624,IEUser,MSEDGEWIN10,9,seclogo,::1,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 329918 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x53ca2 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 9 seclogo Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x1bc4 C:\Windows\System32\svchost.exe ::1 0 %%1833 - MalseclogonUser MalseclogonDomain %%1843 0x0 %%1842 " 2022-05-01T08:42:00.800072+04:00,1651380120.800072,4624,Administrator,WINLAB.LOCAL,3,Kerberos,192.168.1.219,-,wind10.winlab.local,Security," 4624 2 0 12544 0 0x8020000000000000 21373 Security wind10.winlab.local S-1-0-0 - - 0x0 S-1-5-21-81107902-1099128984-1836738286-500 Administrator WINLAB.LOCAL 0x82215a 3 Kerberos Kerberos - 59CEFB69-4F9D-7486-C449-471E00B814E3 - - 0 0x0 - 192.168.1.219 63652 %%1833 - - - %%1843 0x0 %%1842 " 2022-05-01T08:41:54.272334+04:00,1651380114.272334,4624,Administrator,WINLAB.LOCAL,3,Kerberos,192.168.1.219,-,wind10.winlab.local,Security," 4624 2 0 12544 0 0x8020000000000000 21371 Security wind10.winlab.local S-1-0-0 - - 0x0 S-1-5-21-81107902-1099128984-1836738286-500 Administrator WINLAB.LOCAL 0x821f28 3 Kerberos Kerberos - 59CEFB69-4F9D-7486-C449-471E00B814E3 - - 0 0x0 - 192.168.1.219 63652 %%1833 - - - %%1843 0x0 %%1842 " 2022-05-01T08:41:47.653255+04:00,1651380107.653255,4624,Administrator,WINLAB.LOCAL,3,Kerberos,192.168.1.219,-,wind10.winlab.local,Security," 4624 2 0 12544 0 0x8020000000000000 21369 Security wind10.winlab.local S-1-0-0 - - 0x0 S-1-5-21-81107902-1099128984-1836738286-500 Administrator WINLAB.LOCAL 0x821aab 3 Kerberos Kerberos - 59CEFB69-4F9D-7486-C449-471E00B814E3 - - 0 0x0 - 192.168.1.219 63652 %%1833 - - - %%1843 0x0 %%1842 " 2022-05-01T08:41:37.642369+04:00,1651380097.642369,4624,Administrator,WINLAB.LOCAL,3,Kerberos,192.168.1.219,-,wind10.winlab.local,Security," 4624 2 0 12544 0 0x8020000000000000 21367 Security wind10.winlab.local S-1-0-0 - - 0x0 S-1-5-21-81107902-1099128984-1836738286-500 Administrator WINLAB.LOCAL 0x820d61 3 Kerberos Kerberos - 59CEFB69-4F9D-7486-C449-471E00B814E3 - - 0 0x0 - 192.168.1.219 63640 %%1833 - - - %%1843 0x0 %%1842 " 2019-11-15T12:19:17.134469+04:00,1573805957.134469,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,127.0.0.1,-,alice.insecurebank.local,Security," 4624 1 0 12544 0 0x8020000000000000 25049 Security alice.insecurebank.local S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x1d12916 3 NtLmSsp NTLM - 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 127.0.0.1 59336 %%1833 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 769798 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x85516e 3 Kerberos Kerberos - 063B0961-D1B7-6D2C-1FF3-98764C4FAC9D - - 0 0x0 - ::1 53668 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-17T14:57:44.272505+04:00,1600340264.272505,4624,Administrator,3B,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 769794 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-500 Administrator 3B 0x853237 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.37 49959 %%1833 - - - %%1843 0x0 %%1842 " 2019-02-02T13:17:27.629413+04:00,1549099047.629413,4624,ICORP-DC$,INTERNAL.CORP,3,Kerberos,::1,-,ICORP-DC.internal.corp,Security," 4624 2 0 12544 0 0x8020000000000000 65971 Security ICORP-DC.internal.corp S-1-0-0 - - 0x0 S-1-5-18 ICORP-DC$ INTERNAL.CORP 0x24db24 3 Kerberos Kerberos - 5A66FDFF-B4E8-5133-53A9-72A5DE1C31FB - - 0 0x0 - ::1 50152 %%1840 - - - %%1843 0x0 %%1842 " 2019-02-02T13:17:23.193671+04:00,1549099043.193671,4624,EXCHANGE$,ICORP,3,NtLmSsp,192.168.111.87,EXCHANGE,ICORP-DC.internal.corp,Security," 4624 2 0 12544 0 0x8020000000000000 65969 Security ICORP-DC.internal.corp S-1-0-0 - - 0x0 S-1-5-21-2895268558-4179327395-2773671012-1108 EXCHANGE$ ICORP 0x24daa6 3 NtLmSsp NTLM EXCHANGE 00000000-0000-0000-0000-000000000000 - NTLM V2 0 0x0 - 192.168.111.87 58128 %%1833 - - - %%1843 0x0 %%1842 " 2019-02-02T13:17:22.562534+04:00,1549099042.562534,4624,ICORP-DC$,INTERNAL.CORP,3,Kerberos,127.0.0.1,-,ICORP-DC.internal.corp,Security," 4624 2 0 12544 0 0x8020000000000000 65967 Security ICORP-DC.internal.corp S-1-0-0 - - 0x0 S-1-5-18 ICORP-DC$ INTERNAL.CORP 0x24c879 3 Kerberos Kerberos - 94BA67EA-8490-3C86-6DB7-DF74C9AA4449 - - 0 0x0 - 127.0.0.1 50151 %%1833 - - - %%1843 0x0 %%1842 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,IEUser,MSEDGEWIN10,9,seclogo,::1,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 10113 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x2e4ce S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x38f87e 9 seclogo Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x1b90 C:\Windows\System32\svchost.exe ::1 0 %%1833 - l o %%1843 0x0 %%1843 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2982101 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x73b44c 3 Kerberos Kerberos - E8C9AC4A-31FC-C37F-B4D7-B3217C608858 - - 0 0x0 - ::1 64849 %%1833 - - - %%1843 0x0 %%1842 " 2021-12-12T21:57:52.499428+04:00,1639331872.499428,4624,lgrove,3B,3,NtLmSsp,172.16.66.19,04246W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2982097 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-101606 lgrove 3B 0x738cf9 3 NtLmSsp NTLM 04246W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.19 50616 %%1833 - - - %%1843 0x0 %%1842 " 2021-12-12T21:57:52.375084+04:00,1639331872.375084,4624,lgrove,3B,3,NtLmSsp,172.16.66.19,04246W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2982092 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-101606 lgrove 3B 0x738ce4 3 NtLmSsp NTLM 04246W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.19 50614 %%1833 - - - %%1843 0x0 %%1842 " 2021-12-12T21:57:52.366793+04:00,1639331872.366793,4624,lgrove,3B,3,NtLmSsp,172.16.66.19,04246W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2982089 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-101606 lgrove 3B 0x738afd 3 NtLmSsp NTLM 04246W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.19 50613 %%1833 - - - %%1843 0x0 %%1842 " 2021-12-12T21:57:52.313673+04:00,1639331872.313673,4624,lgrove,THREEBEESCO.COM,3,Kerberos,172.16.66.19,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2982084 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-101606 lgrove THREEBEESCO.COM 0x738ae4 3 Kerberos Kerberos - DCED4BA6-CF24-37EF-0627-B0E4EED7F565 - - 0 0x0 - 172.16.66.19 50609 %%1833 - - - %%1843 0x0 %%1842 " 2021-12-07T21:33:01.619364+04:00,1638898381.619364,4624,IEUser,MSEDGEWIN10,9,seclogo,::1,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 329918 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x53ca2 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 9 seclogo Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x1bc4 C:\Windows\System32\svchost.exe ::1 0 %%1833 - MalseclogonUser MalseclogonDomain %%1843 0x0 %%1842 " 2022-05-01T08:42:00.800072+04:00,1651380120.800072,4624,Administrator,WINLAB.LOCAL,3,Kerberos,192.168.1.219,-,wind10.winlab.local,Security," 4624 2 0 12544 0 0x8020000000000000 21373 Security wind10.winlab.local S-1-0-0 - - 0x0 S-1-5-21-81107902-1099128984-1836738286-500 Administrator WINLAB.LOCAL 0x82215a 3 Kerberos Kerberos - 59CEFB69-4F9D-7486-C449-471E00B814E3 - - 0 0x0 - 192.168.1.219 63652 %%1833 - - - %%1843 0x0 %%1842 " 2022-05-01T08:41:54.272334+04:00,1651380114.272334,4624,Administrator,WINLAB.LOCAL,3,Kerberos,192.168.1.219,-,wind10.winlab.local,Security," 4624 2 0 12544 0 0x8020000000000000 21371 Security wind10.winlab.local S-1-0-0 - - 0x0 S-1-5-21-81107902-1099128984-1836738286-500 Administrator WINLAB.LOCAL 0x821f28 3 Kerberos Kerberos - 59CEFB69-4F9D-7486-C449-471E00B814E3 - - 0 0x0 - 192.168.1.219 63652 %%1833 - - - %%1843 0x0 %%1842 " 2022-05-01T08:41:47.653255+04:00,1651380107.653255,4624,Administrator,WINLAB.LOCAL,3,Kerberos,192.168.1.219,-,wind10.winlab.local,Security," 4624 2 0 12544 0 0x8020000000000000 21369 Security wind10.winlab.local S-1-0-0 - - 0x0 S-1-5-21-81107902-1099128984-1836738286-500 Administrator WINLAB.LOCAL 0x821aab 3 Kerberos Kerberos - 59CEFB69-4F9D-7486-C449-471E00B814E3 - - 0 0x0 - 192.168.1.219 63652 %%1833 - - - %%1843 0x0 %%1842 " 2022-05-01T08:41:37.642369+04:00,1651380097.642369,4624,Administrator,WINLAB.LOCAL,3,Kerberos,192.168.1.219,-,wind10.winlab.local,Security," 4624 2 0 12544 0 0x8020000000000000 21367 Security wind10.winlab.local S-1-0-0 - - 0x0 S-1-5-21-81107902-1099128984-1836738286-500 Administrator WINLAB.LOCAL 0x820d61 3 Kerberos Kerberos - 59CEFB69-4F9D-7486-C449-471E00B814E3 - - 0 0x0 - 192.168.1.219 63640 %%1833 - - - %%1843 0x0 %%1842 " 2019-11-15T12:19:17.134469+04:00,1573805957.134469,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,127.0.0.1,-,alice.insecurebank.local,Security," 4624 1 0 12544 0 0x8020000000000000 25049 Security alice.insecurebank.local S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x1d12916 3 NtLmSsp NTLM - 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 127.0.0.1 59336 %%1833 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2171296 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x21aadb8 3 Kerberos Kerberos - 860D1189-6C67-C57B-59ED-C0676A052019 - - 0 0x0 - ::1 62863 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-02T15:47:57.263194+04:00,1599047277.263194,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2171295 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x21aad4a 3 Kerberos Kerberos - 860D1189-6C67-C57B-59ED-C0676A052019 - - 0 0x0 - ::1 62862 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-02T15:47:57.252932+04:00,1599047277.252932,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2171294 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x21aa47f 3 Kerberos Kerberos - 27FCE179-F80F-F6A6-7DF4-C247E783B072 - - 0 0x0 - ::1 62860 %%1840 - - - %%1843 0x0 %%1842 " 2020-09-02T15:47:48.959767+04:00,1599047268.959767,4624,a-jbrown,THREEBEESCO.COM,3,Kerberos,172.16.66.142,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2171292 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-1106 a-jbrown THREEBEESCO.COM 0x21a8c9a 3 Kerberos Kerberos - 467413FE-B054-D9AE-C758-B41105A3ECA9 - - 0 0x0 - 172.16.66.142 60726 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-02T15:47:48.842119+04:00,1599047268.842119,4624,a-jbrown,THREEBEESCO.COM,3,Kerberos,172.16.66.142,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2171291 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-1106 a-jbrown THREEBEESCO.COM 0x21a8c80 3 Kerberos Kerberos - 467413FE-B054-D9AE-C758-B41105A3ECA9 - - 0 0x0 - 172.16.66.142 60728 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-02T15:47:48.823276+04:00,1599047268.823276,4624,a-jbrown,3B,3,NtLmSsp,172.16.66.142,04246W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2171290 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-1106 a-jbrown 3B 0x21a8c68 3 NtLmSsp NTLM 04246W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.142 60726 %%1833 - - - %%1843 0x0 %%1842 " 2019-05-11T21:10:10.889320+04:00,1557594610.88932,4624,IEUser,IEWIN7,9,seclogo,::1,,IEWIN7,Security," 4624 0 0 12544 0 0x8020000000000000 18206 Security IEWIN7 S-1-5-21-3583694148-1414552638-2922671848-1000 IEUser IEWIN7 0x1371b S-1-5-21-3583694148-1414552638-2922671848-1000 IEUser IEWIN7 0x1bbdce 9 seclogo Negotiate 00000000-0000-0000-0000-000000000000 - - 0 0x3c8 C:\Windows\System32\svchost.exe ::1 0 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 769798 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x85516e 3 Kerberos Kerberos - 063B0961-D1B7-6D2C-1FF3-98764C4FAC9D - - 0 0x0 - ::1 53668 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-17T14:57:44.272505+04:00,1600340264.272505,4624,Administrator,3B,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 769794 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-500 Administrator 3B 0x853237 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.37 49959 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:32:10.232423+04:00,1600198330.232423,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768628 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x32a0d3 3 Kerberos Kerberos - 6747BCF0-DBAA-F21C-878B-EB339B03FA80 - - 0 0x0 - ::1 50441 %%1840 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:34.957514+04:00,1600198294.957514,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768627 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x329baa 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50443 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:31.097681+04:00,1600198291.097681,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768622 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x320935 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50438 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:04.688967+04:00,1600198264.688967,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768621 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x31ff89 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 172.16.66.37 49707 %%1833 - - - %%1843 0x0 %%1843 " 2020-09-15T23:30:32.190369+04:00,1600198232.190369,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768620 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x31ff6e 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 172.16.66.37 49707 %%1833 - - - %%1843 0x0 %%1843 " 2020-09-15T23:29:51.517594+04:00,1600198191.517594,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768619 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x31fb1a 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50437 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:29:51.507713+04:00,1600198191.507713,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768618 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x31daf6 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50436 %%1833 - - - %%1843 0x0 %%1842 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137225 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x1cd964 2 Chrome Negotiate MSEDGEWIN10 00000000-0000-0000-0000-000000000000 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - %%1833 - - - %%1843 0x1cd8f6 %%1843 " 2020-09-09T17:18:27.714758+04:00,1599657507.714758,4624,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137224 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x1cd8f6 2 Chrome Negotiate MSEDGEWIN10 00000000-0000-0000-0000-000000000000 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - %%1833 - - - %%1843 0x1cd964 %%1842 " 2020-09-09T17:18:27.714613+04:00,1599657507.714613,4624,SYSTEM,NT AUTHORITY,5,Advapi,-,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137223 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 5 Advapi Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x25c C:\Windows\System32\services.exe - - %%1833 - - - %%1843 0x0 %%1842 " 2020-09-09T17:18:25.377120+04:00,1599657505.37712,4625,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4625 0 0 12544 0 0x8010000000000000 137222 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-0-0 IEUser MSEDGEWIN10 0xc000006d %%2313 0xc000006a 2 Chrome Negotiate MSEDGEWIN10 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - " 2022-02-16T14:37:25.097894+04:00,1645007845.097894,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988550 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x568d99 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64229 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:22.920925+04:00,1645007842.920925,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988547 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x56874b 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64227 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:22.906213+04:00,1645007842.906213,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988544 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x5686d9 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64226 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:20.521180+04:00,1645007840.52118,4624,samir,3B,3,NtLmSsp,-,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988535 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-220106 samir 3B 0x567758 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - - - %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:20.450532+04:00,1645007840.450532,4624,samir,3B,3,NtLmSsp,172.16.66.25,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988529 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-220106 samir 3B 0x567515 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.25 50251 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:19.725428+04:00,1645007839.725428,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988525 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x56738f 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64223 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:19.637257+04:00,1645007839.637257,4624,02694W-WIN10$,THREEBEESCO.COM,3,Kerberos,172.16.66.25,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988522 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-84104 02694W-WIN10$ THREEBEESCO.COM 0x567343 3 Kerberos Kerberos - 429CA5A3-EDFC-5657-17C3-C050C7B047F4 - - 0 0x0 - 172.16.66.25 50250 %%1840 - - - %%1843 0x0 %%1842 " 2020-09-23T20:50:17.200140+04:00,1600879817.20014,4624,Administrator,3B,3,NtLmSsp,172.16.66.37,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 772611 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-500 Administrator 3B 0x1137987 3 NtLmSsp NTLM - 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.37 50107 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-23T20:50:17.194314+04:00,1600879817.194314,4624,SYSTEM,NT AUTHORITY,5,Advapi,-,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 772609 Security 01566s-win16-ir.threebeesco.com S-1-5-18 01566S-WIN16-IR$ 3B 0x3e7 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 5 Advapi Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x244 C:\Windows\System32\services.exe - - %%1833 - - - %%1843 0x0 %%1842 " 2020-09-23T20:50:16.702981+04:00,1600879816.702981,4624,Administrator,3B,3,NtLmSsp,172.16.66.37,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 772607 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-500 Administrator 3B 0x1136e95 3 NtLmSsp NTLM - 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.37 50106 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:32:10.232423+04:00,1600198330.232423,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768628 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x32a0d3 3 Kerberos Kerberos - 6747BCF0-DBAA-F21C-878B-EB339B03FA80 - - 0 0x0 - ::1 50441 %%1840 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:34.957514+04:00,1600198294.957514,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768627 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x329baa 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50443 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:31.097681+04:00,1600198291.097681,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768622 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x320935 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50438 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:04.688967+04:00,1600198264.688967,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768621 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x31ff89 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 172.16.66.37 49707 %%1833 - - - %%1843 0x0 %%1843 " 2020-09-15T23:30:32.190369+04:00,1600198232.190369,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768620 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x31ff6e 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 172.16.66.37 49707 %%1833 - - - %%1843 0x0 %%1843 " 2020-09-15T23:29:51.517594+04:00,1600198191.517594,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768619 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x31fb1a 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50437 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:29:51.507713+04:00,1600198191.507713,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768618 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x31daf6 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50436 %%1833 - - - %%1843 0x0 %%1842 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137225 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x1cd964 2 Chrome Negotiate MSEDGEWIN10 00000000-0000-0000-0000-000000000000 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - %%1833 - - - %%1843 0x1cd8f6 %%1843 " 2020-09-09T17:18:27.714758+04:00,1599657507.714758,4624,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137224 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x1cd8f6 2 Chrome Negotiate MSEDGEWIN10 00000000-0000-0000-0000-000000000000 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - %%1833 - - - %%1843 0x1cd964 %%1842 " 2020-09-09T17:18:27.714613+04:00,1599657507.714613,4624,SYSTEM,NT AUTHORITY,5,Advapi,-,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137223 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 5 Advapi Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x25c C:\Windows\System32\services.exe - - %%1833 - - - %%1843 0x0 %%1842 " 2020-09-09T17:18:25.377120+04:00,1599657505.37712,4625,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4625 0 0 12544 0 0x8010000000000000 137222 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-0-0 IEUser MSEDGEWIN10 0xc000006d %%2313 0xc000006a 2 Chrome Negotiate MSEDGEWIN10 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - " 2022-02-16T14:37:25.097894+04:00,1645007845.097894,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988550 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x568d99 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64229 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:22.920925+04:00,1645007842.920925,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988547 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x56874b 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64227 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:22.906213+04:00,1645007842.906213,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988544 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x5686d9 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64226 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:20.521180+04:00,1645007840.52118,4624,samir,3B,3,NtLmSsp,-,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988535 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-220106 samir 3B 0x567758 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - - - %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:20.450532+04:00,1645007840.450532,4624,samir,3B,3,NtLmSsp,172.16.66.25,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988529 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-220106 samir 3B 0x567515 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.25 50251 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:19.725428+04:00,1645007839.725428,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988525 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x56738f 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64223 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:19.637257+04:00,1645007839.637257,4624,02694W-WIN10$,THREEBEESCO.COM,3,Kerberos,172.16.66.25,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988522 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-84104 02694W-WIN10$ THREEBEESCO.COM 0x567343 3 Kerberos Kerberos - 429CA5A3-EDFC-5657-17C3-C050C7B047F4 - - 0 0x0 - 172.16.66.25 50250 %%1840 - - - %%1843 0x0 %%1842 " 2020-09-23T20:50:17.200140+04:00,1600879817.20014,4624,Administrator,3B,3,NtLmSsp,172.16.66.37,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 772611 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-500 Administrator 3B 0x1137987 3 NtLmSsp NTLM - 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.37 50107 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-23T20:50:17.194314+04:00,1600879817.194314,4624,SYSTEM,NT AUTHORITY,5,Advapi,-,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 772609 Security 01566s-win16-ir.threebeesco.com S-1-5-18 01566S-WIN16-IR$ 3B 0x3e7 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 5 Advapi Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x244 C:\Windows\System32\services.exe - - %%1833 - - - %%1843 0x0 %%1842 " 2020-09-23T20:50:16.702981+04:00,1600879816.702981,4624,Administrator,3B,3,NtLmSsp,172.16.66.37,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 772607 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-500 Administrator 3B 0x1136e95 3 NtLmSsp NTLM - 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.37 50106 %%1833 - - - %%1843 0x0 %%1842 " 2022-04-26T02:17:47.059955+04:00,1650925067.059955,4624,Administrator,THREEBEESCO.COM,3,Kerberos,127.0.0.1,-,02694w-win10.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 72742 Security 02694w-win10.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-500 Administrator THREEBEESCO.COM 0x8a38de 3 Kerberos Kerberos - 35D5E180-95BD-9ED7-7EFE-C355D7215A87 - - 0 0x0 - 127.0.0.1 50163 %%1833 - - - %%1843 0x0 %%1842 " 2022-04-26T02:17:47.059955+04:00,1650925067.059955,4624,Administrator,THREEBEESCO.COM,3,Kerberos,127.0.0.1,-,02694w-win10.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 72742 Security 02694w-win10.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-500 Administrator THREEBEESCO.COM 0x8a38de 3 Kerberos Kerberos - 35D5E180-95BD-9ED7-7EFE-C355D7215A87 - - 0 0x0 - 127.0.0.1 50163 %%1833 - - - %%1843 0x0 %%1842 " 2019-03-18T15:06:29.911579+04:00,1552907189.911579,4624,user01,EXAMPLE,9,seclogo,::1,,PC01.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 432903 Security PC01.example.corp S-1-5-21-1587066498-1489273250-1035260531-1106 user01 EXAMPLE 0x18a7875 S-1-5-21-1587066498-1489273250-1035260531-1106 user01 EXAMPLE 0x4530f0f 9 seclogo Negotiate 00000000-0000-0000-0000-000000000000 - - 0 0x3ec C:\Windows\System32\svchost.exe ::1 0 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 769798 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x85516e 3 Kerberos Kerberos - 063B0961-D1B7-6D2C-1FF3-98764C4FAC9D - - 0 0x0 - ::1 53668 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-17T14:57:44.272505+04:00,1600340264.272505,4624,Administrator,3B,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 769794 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-500 Administrator 3B 0x853237 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.37 49959 %%1833 - - - %%1843 0x0 %%1842 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,WIN-77LTAPHIQ1R$,EXAMPLE,3,Kerberos,::1,,WIN-77LTAPHIQ1R.example.corp,Security," 4624 1 0 12544 0 0x8020000000000000 563342 Security WIN-77LTAPHIQ1R.example.corp S-1-0-0 - - 0x0 S-1-5-18 WIN-77LTAPHIQ1R$ EXAMPLE 0x116c7b 3 Kerberos Kerberos 5FDB15EE-2283-F23C-E23B-5E5DDB11BB9C - - 0 0x0 - ::1 55589 %%1833 " 2019-03-19T02:16:09.458302+04:00,1552947369.458302,4624,user01,EXAMPLE,3,Kerberos,10.0.2.17,,WIN-77LTAPHIQ1R.example.corp,Security," 4624 1 0 12544 0 0x8020000000000000 563300 Security WIN-77LTAPHIQ1R.example.corp S-1-0-0 - - 0x0 S-1-5-21-1587066498-1489273250-1035260531-1106 user01 EXAMPLE 0x110085 3 Kerberos Kerberos 31E347DC-FF67-08B3-EADC-1EC267B1975B - - 0 0x0 - 10.0.2.17 49249 %%1833 " 2019-03-19T02:15:49.676748+04:00,1552947349.676748,4624,Administrator,EXAMPLE,3,NtLmSsp,10.0.2.17,PC01,WIN-77LTAPHIQ1R.example.corp,Security," 4624 1 0 12544 0 0x8020000000000000 563297 Security WIN-77LTAPHIQ1R.example.corp S-1-0-0 - - 0x0 S-1-5-21-1587066498-1489273250-1035260531-500 Administrator EXAMPLE 0x10fc09 3 NtLmSsp NTLM PC01 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 10.0.2.17 49249 %%1833 " 2019-03-19T02:15:49.614293+04:00,1552947349.614293,4624,Administrator,EXAMPLE,3,Kerberos,10.0.2.17,,WIN-77LTAPHIQ1R.example.corp,Security," 4624 1 0 12544 0 0x8020000000000000 563294 Security WIN-77LTAPHIQ1R.example.corp S-1-0-0 - - 0x0 S-1-5-21-1587066498-1489273250-1035260531-500 Administrator EXAMPLE 0x10fbeb 3 Kerberos Kerberos BAEC19DA-130D-80F0-BD26-78045EE64D62 - - 0 0x0 - 10.0.2.17 49249 %%1833 " 2019-03-19T02:15:49.598756+04:00,1552947349.598756,4624,Administrator,EXAMPLE,3,Kerberos,10.0.2.17,,WIN-77LTAPHIQ1R.example.corp,Security," 4624 1 0 12544 0 0x8020000000000000 563285 Security WIN-77LTAPHIQ1R.example.corp S-1-0-0 - - 0x0 S-1-5-21-1587066498-1489273250-1035260531-500 Administrator EXAMPLE 0x10fbcc 3 Kerberos Kerberos BAEC19DA-130D-80F0-BD26-78045EE64D62 - - 0 0x0 - 10.0.2.17 49244 %%1833 " 2019-03-19T02:15:49.567435+04:00,1552947349.567435,4624,WIN-77LTAPHIQ1R$,EXAMPLE,3,Kerberos,fe80::79bf:8ee2:433c:2567,,WIN-77LTAPHIQ1R.example.corp,Security," 4624 1 0 12544 0 0x8020000000000000 563265 Security WIN-77LTAPHIQ1R.example.corp S-1-0-0 - - 0x0 S-1-5-18 WIN-77LTAPHIQ1R$ EXAMPLE 0x10fac2 3 Kerberos Kerberos 5FDB15EE-2283-F23C-E23B-5E5DDB11BB9C - - 0 0x0 - fe80::79bf:8ee2:433c:2567 55585 %%1840 " 2019-02-02T13:17:27.629413+04:00,1549099047.629413,4624,ICORP-DC$,INTERNAL.CORP,3,Kerberos,::1,-,ICORP-DC.internal.corp,Security," 4624 2 0 12544 0 0x8020000000000000 65971 Security ICORP-DC.internal.corp S-1-0-0 - - 0x0 S-1-5-18 ICORP-DC$ INTERNAL.CORP 0x24db24 3 Kerberos Kerberos - 5A66FDFF-B4E8-5133-53A9-72A5DE1C31FB - - 0 0x0 - ::1 50152 %%1840 - - - %%1843 0x0 %%1842 " 2019-02-02T13:17:23.193671+04:00,1549099043.193671,4624,EXCHANGE$,ICORP,3,NtLmSsp,192.168.111.87,EXCHANGE,ICORP-DC.internal.corp,Security," 4624 2 0 12544 0 0x8020000000000000 65969 Security ICORP-DC.internal.corp S-1-0-0 - - 0x0 S-1-5-21-2895268558-4179327395-2773671012-1108 EXCHANGE$ ICORP 0x24daa6 3 NtLmSsp NTLM EXCHANGE 00000000-0000-0000-0000-000000000000 - NTLM V2 0 0x0 - 192.168.111.87 58128 %%1833 - - - %%1843 0x0 %%1842 " 2019-02-02T13:17:22.562534+04:00,1549099042.562534,4624,ICORP-DC$,INTERNAL.CORP,3,Kerberos,127.0.0.1,-,ICORP-DC.internal.corp,Security," 4624 2 0 12544 0 0x8020000000000000 65967 Security ICORP-DC.internal.corp S-1-0-0 - - 0x0 S-1-5-18 ICORP-DC$ INTERNAL.CORP 0x24c879 3 Kerberos Kerberos - 94BA67EA-8490-3C86-6DB7-DF74C9AA4449 - - 0 0x0 - 127.0.0.1 50151 %%1833 - - - %%1843 0x0 %%1842 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,IEUser,MSEDGEWIN10,9,seclogo,::1,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 10113 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x2e4ce S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x38f87e 9 seclogo Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x1b90 C:\Windows\System32\svchost.exe ::1 0 %%1833 - l o %%1843 0x0 %%1843 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2982101 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x73b44c 3 Kerberos Kerberos - E8C9AC4A-31FC-C37F-B4D7-B3217C608858 - - 0 0x0 - ::1 64849 %%1833 - - - %%1843 0x0 %%1842 " 2021-12-12T21:57:52.499428+04:00,1639331872.499428,4624,lgrove,3B,3,NtLmSsp,172.16.66.19,04246W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2982097 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-101606 lgrove 3B 0x738cf9 3 NtLmSsp NTLM 04246W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.19 50616 %%1833 - - - %%1843 0x0 %%1842 " 2021-12-12T21:57:52.375084+04:00,1639331872.375084,4624,lgrove,3B,3,NtLmSsp,172.16.66.19,04246W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2982092 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-101606 lgrove 3B 0x738ce4 3 NtLmSsp NTLM 04246W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.19 50614 %%1833 - - - %%1843 0x0 %%1842 " 2021-12-12T21:57:52.366793+04:00,1639331872.366793,4624,lgrove,3B,3,NtLmSsp,172.16.66.19,04246W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2982089 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-101606 lgrove 3B 0x738afd 3 NtLmSsp NTLM 04246W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.19 50613 %%1833 - - - %%1843 0x0 %%1842 " 2021-12-12T21:57:52.313673+04:00,1639331872.313673,4624,lgrove,THREEBEESCO.COM,3,Kerberos,172.16.66.19,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2982084 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-101606 lgrove THREEBEESCO.COM 0x738ae4 3 Kerberos Kerberos - DCED4BA6-CF24-37EF-0627-B0E4EED7F565 - - 0 0x0 - 172.16.66.19 50609 %%1833 - - - %%1843 0x0 %%1842 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,WIN-77LTAPHIQ1R$,EXAMPLE,3,Kerberos,fe80::79bf:8ee2:433c:2567,,WIN-77LTAPHIQ1R.example.corp,Security," 4624 1 0 12544 0 0x8020000000000000 566894 Security WIN-77LTAPHIQ1R.example.corp S-1-0-0 - - 0x0 S-1-5-18 WIN-77LTAPHIQ1R$ EXAMPLE 0x18423d 3 Kerberos Kerberos 5FDB15EE-2283-F23C-E23B-5E5DDB11BB9C - - 0 0x0 - fe80::79bf:8ee2:433c:2567 56034 %%1840 " 2019-03-19T04:02:21.929554+04:00,1552953741.929554,4624,WIN-77LTAPHIQ1R$,EXAMPLE,3,Kerberos,::1,,WIN-77LTAPHIQ1R.example.corp,Security," 4624 1 0 12544 0 0x8020000000000000 566889 Security WIN-77LTAPHIQ1R.example.corp S-1-0-0 - - 0x0 S-1-5-18 WIN-77LTAPHIQ1R$ EXAMPLE 0x184212 3 Kerberos Kerberos 5FDB15EE-2283-F23C-E23B-5E5DDB11BB9C - - 0 0x0 - ::1 56033 %%1833 " 2019-03-19T04:02:04.319945+04:00,1552953724.319945,4624,Administrator,EXAMPLE,3,NtLmSsp,-,,WIN-77LTAPHIQ1R.example.corp,Security," 4624 1 0 12544 0 0x8020000000000000 566835 Security WIN-77LTAPHIQ1R.example.corp S-1-0-0 - - 0x0 S-1-5-21-1587066498-1489273250-1035260531-500 Administrator EXAMPLE 0x17e2d2 3 NtLmSsp NTLM 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - - - %%1833 " 2019-03-19T04:02:04.241919+04:00,1552953724.241919,4624,Administrator,EXAMPLE,3,NtLmSsp,10.0.2.17,,WIN-77LTAPHIQ1R.example.corp,Security," 4624 1 0 12544 0 0x8020000000000000 566830 Security WIN-77LTAPHIQ1R.example.corp S-1-0-0 - - 0x0 S-1-5-21-1587066498-1489273250-1035260531-500 Administrator EXAMPLE 0x17e2c0 3 NtLmSsp NTLM 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 10.0.2.17 49237 %%1833 " 2019-03-19T04:02:04.226251+04:00,1552953724.226251,4624,Administrator,EXAMPLE,3,NtLmSsp,10.0.2.17,,WIN-77LTAPHIQ1R.example.corp,Security," 4624 1 0 12544 0 0x8020000000000000 566826 Security WIN-77LTAPHIQ1R.example.corp S-1-0-0 - - 0x0 S-1-5-21-1587066498-1489273250-1035260531-500 Administrator EXAMPLE 0x17e2aa 3 NtLmSsp NTLM 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 10.0.2.17 49236 %%1833 " 2019-03-19T04:02:04.210688+04:00,1552953724.210688,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,10.0.2.17,NULL,WIN-77LTAPHIQ1R.example.corp,Security," 4624 1 0 12544 0 0x8020000000000000 566823 Security WIN-77LTAPHIQ1R.example.corp S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x17e29a 3 NtLmSsp NTLM NULL 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 10.0.2.17 49236 %%1833 " 2019-02-13T19:31:46.648513+04:00,1550071906.648513,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,10.0.2.17,PC01,PC02.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 5323 Security PC02.example.corp S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x7d4f4 3 NtLmSsp NTLM PC01 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 10.0.2.17 49169 " 2019-02-13T19:31:46.648513+04:00,1550071906.648513,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,10.0.2.17,PC01,PC02.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 5322 Security PC02.example.corp S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x73d02 3 NtLmSsp NTLM PC01 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 10.0.2.17 49168 " 2019-02-13T19:29:41.418441+04:00,1550071781.418441,4624,IEUser,PC02,2,User32,127.0.0.1,PC02,PC02.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 5319 Security PC02.example.corp S-1-5-18 PC02$ EXAMPLE 0x3e7 S-1-5-21-3583694148-1414552638-2922671848-1000 IEUser PC02 0x4a26d 2 User32 Negotiate PC02 00000000-0000-0000-0000-000000000000 - - 0 0x994 C:\Windows\System32\winlogon.exe 127.0.0.1 0 " 2019-02-13T19:27:53.653483+04:00,1550071673.653483,4624,IEUser,PC02,10,User32,127.0.0.1,PC02,PC02.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 5315 Security PC02.example.corp S-1-5-18 PC02$ EXAMPLE 0x3e7 S-1-5-21-3583694148-1414552638-2922671848-1000 IEUser PC02 0x45120 10 User32 Negotiate PC02 00000000-0000-0000-0000-000000000000 - - 0 0x658 C:\Windows\System32\winlogon.exe 127.0.0.1 49164 " 2019-02-13T19:25:17.799376+04:00,1550071517.799376,4624,IEUser,PC02,2,User32,127.0.0.1,PC02,PC02.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 5308 Security PC02.example.corp S-1-5-18 PC02$ EXAMPLE 0x3e7 S-1-5-21-3583694148-1414552638-2922671848-1000 IEUser PC02 0x21f73 2 User32 Negotiate PC02 00000000-0000-0000-0000-000000000000 - - 0 0x198 C:\Windows\System32\winlogon.exe 127.0.0.1 0 " 2019-02-13T19:19:51.259835+04:00,1550071191.259835,4624,SYSTEM,NT AUTHORITY,5,Advapi,-,,PC02.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 5305 Security PC02.example.corp S-1-5-18 PC02$ EXAMPLE 0x3e7 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 5 Advapi Negotiate 00000000-0000-0000-0000-000000000000 - - 0 0x1d0 C:\Windows\System32\services.exe - - " 2019-02-13T19:17:38.779337+04:00,1550071058.779337,4624,SYSTEM,NT AUTHORITY,5,Advapi,-,,PC02.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 5303 Security PC02.example.corp S-1-5-18 PC02$ EXAMPLE 0x3e7 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 5 Advapi Negotiate 00000000-0000-0000-0000-000000000000 - - 0 0x1d0 C:\Windows\System32\services.exe - - " 2019-02-13T19:17:38.018243+04:00,1550071058.018243,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,-,,PC02.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 5302 Security PC02.example.corp S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x113f5 3 NtLmSsp NTLM 00000000-0000-0000-0000-000000000000 - NTLM V1 0 0x0 - - - " 2019-02-13T19:15:08.821952+04:00,1550070908.821952,4624,sshd_server,PC02,5,Advapi,-,PC02,PC02.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 5299 Security PC02.example.corp S-1-5-18 PC02$ EXAMPLE 0x3e7 S-1-5-21-3583694148-1414552638-2922671848-1002 sshd_server PC02 0xe509 5 Advapi Negotiate PC02 00000000-0000-0000-0000-000000000000 - - 0 0x1d0 C:\Windows\System32\services.exe - - " 2019-02-13T19:15:08.689762+04:00,1550070908.689762,4624,SYSTEM,NT AUTHORITY,5,Advapi,-,,PC02.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 5296 Security PC02.example.corp S-1-5-18 PC02$ EXAMPLE 0x3e7 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 5 Advapi Negotiate 00000000-0000-0000-0000-000000000000 - - 0 0x1d0 C:\Windows\System32\services.exe - - " 2019-02-13T19:15:07.852561+04:00,1550070907.852561,4624,SYSTEM,NT AUTHORITY,5,Advapi,-,,PC02.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 5293 Security PC02.example.corp S-1-5-18 PC02$ EXAMPLE 0x3e7 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 5 Advapi Negotiate 00000000-0000-0000-0000-000000000000 - - 0 0x1d0 C:\Windows\System32\services.exe - - " 2019-02-13T19:15:07.422945+04:00,1550070907.422945,4624,SYSTEM,NT AUTHORITY,5,Advapi,-,,PC02.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 5291 Security PC02.example.corp S-1-5-18 PC02$ EXAMPLE 0x3e7 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 5 Advapi Negotiate 00000000-0000-0000-0000-000000000000 - - 0 0x1d0 C:\Windows\System32\services.exe - - " 2019-02-13T19:15:05.924796+04:00,1550070905.924796,4624,SYSTEM,NT AUTHORITY,5,Advapi,-,,PC02.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 5289 Security PC02.example.corp S-1-5-18 PC02$ EXAMPLE 0x3e7 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 5 Advapi Negotiate 00000000-0000-0000-0000-000000000000 - - 0 0x1d0 C:\Windows\System32\services.exe - - " 2019-02-13T19:15:05.660417+04:00,1550070905.660417,4624,LOCAL SERVICE,NT AUTHORITY,5,Advapi,-,,PC02.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 5287 Security PC02.example.corp S-1-5-18 PC02$ EXAMPLE 0x3e7 S-1-5-19 LOCAL SERVICE NT AUTHORITY 0x3e5 5 Advapi Negotiate 00000000-0000-0000-0000-000000000000 - - 0 0x1d0 C:\Windows\System32\services.exe - - " 2019-02-13T19:15:05.065564+04:00,1550070905.065564,4624,NETWORK SERVICE,NT AUTHORITY,5,Advapi,-,,PC02.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 5285 Security PC02.example.corp S-1-5-18 PC02$ EXAMPLE 0x3e7 S-1-5-20 NETWORK SERVICE NT AUTHORITY 0x3e4 5 Advapi Negotiate 00000000-0000-0000-0000-000000000000 - - 0 0x1d0 C:\Windows\System32\services.exe - - " 2019-02-13T19:15:04.911343+04:00,1550070904.911343,4624,SYSTEM,NT AUTHORITY,5,Advapi,-,,PC02.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 5283 Security PC02.example.corp S-1-5-18 PC02$ EXAMPLE 0x3e7 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 5 Advapi Negotiate 00000000-0000-0000-0000-000000000000 - - 0 0x1d0 C:\Windows\System32\services.exe - - " 2019-02-13T19:15:04.635947+04:00,1550070904.635947,4624,SYSTEM,NT AUTHORITY,0,-,-,-,PC02.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 5281 Security PC02.example.corp S-1-0-0 - - 0x0 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 0 - - - 00000000-0000-0000-0000-000000000000 - - 0 0x4 - - " 2019-02-13T19:15:04.135227+04:00,1550070904.135227,4624,SYSTEM,NT AUTHORITY,5,Advapi,-,,PC02.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 5278 Security PC02.example.corp S-1-5-18 PC02$ EXAMPLE 0x3e7 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 5 Advapi Negotiate 00000000-0000-0000-0000-000000000000 - - 0 0x1d4 C:\Windows\System32\services.exe - - " 2022-04-26T02:17:47.059955+04:00,1650925067.059955,4624,Administrator,THREEBEESCO.COM,3,Kerberos,127.0.0.1,-,02694w-win10.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 72742 Security 02694w-win10.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-500 Administrator THREEBEESCO.COM 0x8a38de 3 Kerberos Kerberos - 35D5E180-95BD-9ED7-7EFE-C355D7215A87 - - 0 0x0 - 127.0.0.1 50163 %%1833 - - - %%1843 0x0 %%1842 " 2019-03-19T03:23:57.397648+04:00,1552951437.397648,4624,WIN-77LTAPHIQ1R$,EXAMPLE,3,Kerberos,fe80::79bf:8ee2:433c:2567,,WIN-77LTAPHIQ1R.example.corp,Security," 4624 1 0 12544 0 0x8020000000000000 565611 Security WIN-77LTAPHIQ1R.example.corp S-1-0-0 - - 0x0 S-1-5-18 WIN-77LTAPHIQ1R$ EXAMPLE 0x15e25f 3 Kerberos Kerberos 1054A084-EFFD-F992-9C74-63873C88272E - - 0 0x0 - fe80::79bf:8ee2:433c:2567 55873 %%1840 " 2019-03-19T03:23:52.507387+04:00,1552951432.507387,4624,user01,EXAMPLE,3,Kerberos,10.0.2.17,,WIN-77LTAPHIQ1R.example.corp,Security," 4624 1 0 12544 0 0x8020000000000000 565599 Security WIN-77LTAPHIQ1R.example.corp S-1-0-0 - - 0x0 S-1-5-21-1587066498-1489273250-1035260531-1106 user01 EXAMPLE 0x15e1a7 3 Kerberos Kerberos 14CCCD18-A781-AC28-C773-EA57D49F4B90 - - 0 0x0 - 10.0.2.17 49222 %%1840 " 2019-03-19T03:23:51.772355+04:00,1552951431.772355,4624,WIN-77LTAPHIQ1R$,EXAMPLE,3,Kerberos,fe80::79bf:8ee2:433c:2567,,WIN-77LTAPHIQ1R.example.corp,Security," 4624 1 0 12544 0 0x8020000000000000 565596 Security WIN-77LTAPHIQ1R.example.corp S-1-0-0 - - 0x0 S-1-5-18 WIN-77LTAPHIQ1R$ EXAMPLE 0x15e162 3 Kerberos Kerberos 5FDB15EE-2283-F23C-E23B-5E5DDB11BB9C - - 0 0x0 - fe80::79bf:8ee2:433c:2567 55872 %%1840 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,WIN-77LTAPHIQ1R$,EXAMPLE,3,Kerberos,::1,,WIN-77LTAPHIQ1R.example.corp,Security," 4624 1 0 12544 0 0x8020000000000000 565653 Security WIN-77LTAPHIQ1R.example.corp S-1-0-0 - - 0x0 S-1-5-18 WIN-77LTAPHIQ1R$ EXAMPLE 0x16792b 3 Kerberos Kerberos 5FDB15EE-2283-F23C-E23B-5E5DDB11BB9C - - 0 0x0 - ::1 55878 %%1833 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,IEUser,MSEDGEWIN10,3,Advapi,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 161473 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1009 svc01 MSEDGEWIN10 0x10b6b3 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x22afa1 3 Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 MSEDGEWIN10 00000000-0000-0000-0000-000000000000 - - 0 0x140c C:\Windows\System32\inetsrv\w3wp.exe - - %%1833 - - - %%1843 0x0 %%1842 " 2019-05-11T21:10:10.889320+04:00,1557594610.88932,4624,IEUser,IEWIN7,9,seclogo,::1,,IEWIN7,Security," 4624 0 0 12544 0 0x8020000000000000 18206 Security IEWIN7 S-1-5-21-3583694148-1414552638-2922671848-1000 IEUser IEWIN7 0x1371b S-1-5-21-3583694148-1414552638-2922671848-1000 IEUser IEWIN7 0x1bbdce 9 seclogo Negotiate 00000000-0000-0000-0000-000000000000 - - 0 0x3c8 C:\Windows\System32\svchost.exe ::1 0 " 2020-09-15T23:32:10.232423+04:00,1600198330.232423,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768628 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x32a0d3 3 Kerberos Kerberos - 6747BCF0-DBAA-F21C-878B-EB339B03FA80 - - 0 0x0 - ::1 50441 %%1840 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:34.957514+04:00,1600198294.957514,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768627 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x329baa 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50443 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:31.097681+04:00,1600198291.097681,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768622 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x320935 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50438 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:31:04.688967+04:00,1600198264.688967,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768621 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x31ff89 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 172.16.66.37 49707 %%1833 - - - %%1843 0x0 %%1843 " 2020-09-15T23:30:32.190369+04:00,1600198232.190369,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,172.16.66.37,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768620 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x31ff6e 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 172.16.66.37 49707 %%1833 - - - %%1843 0x0 %%1843 " 2020-09-15T23:29:51.517594+04:00,1600198191.517594,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768619 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x31fb1a 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50437 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-15T23:29:51.507713+04:00,1600198191.507713,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 768618 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x31daf6 3 Kerberos Kerberos - 1EC715BD-2DAC-8C05-8940-40F79E2D2D52 - - 0 0x0 - ::1 50436 %%1833 - - - %%1843 0x0 %%1842 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137225 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x1cd964 2 Chrome Negotiate MSEDGEWIN10 00000000-0000-0000-0000-000000000000 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - %%1833 - - - %%1843 0x1cd8f6 %%1843 " 2020-09-09T17:18:27.714758+04:00,1599657507.714758,4624,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137224 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x1cd8f6 2 Chrome Negotiate MSEDGEWIN10 00000000-0000-0000-0000-000000000000 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - %%1833 - - - %%1843 0x1cd964 %%1842 " 2020-09-09T17:18:27.714613+04:00,1599657507.714613,4624,SYSTEM,NT AUTHORITY,5,Advapi,-,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 137223 Security MSEDGEWIN10 S-1-5-18 MSEDGEWIN10$ WORKGROUP 0x3e7 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 5 Advapi Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x25c C:\Windows\System32\services.exe - - %%1833 - - - %%1843 0x0 %%1842 " 2020-09-09T17:18:25.377120+04:00,1599657505.37712,4625,IEUser,MSEDGEWIN10,2,Chrome,-,MSEDGEWIN10,MSEDGEWIN10,Security," 4625 0 0 12544 0 0x8010000000000000 137222 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x79e59 S-1-0-0 IEUser MSEDGEWIN10 0xc000006d %%2313 0xc000006a 2 Chrome Negotiate MSEDGEWIN10 - - 0 0x1358 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - - " 2022-02-16T14:37:25.097894+04:00,1645007845.097894,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988550 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x568d99 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64229 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:22.920925+04:00,1645007842.920925,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988547 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x56874b 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64227 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:22.906213+04:00,1645007842.906213,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988544 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x5686d9 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64226 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:20.521180+04:00,1645007840.52118,4624,samir,3B,3,NtLmSsp,-,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988535 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-220106 samir 3B 0x567758 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - - - %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:20.450532+04:00,1645007840.450532,4624,samir,3B,3,NtLmSsp,172.16.66.25,02694W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988529 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-220106 samir 3B 0x567515 3 NtLmSsp NTLM 02694W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.25 50251 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:19.725428+04:00,1645007839.725428,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988525 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x56738f 3 Kerberos Kerberos - B683BAFB-5884-30E1-12DA-31368F04511D - - 0 0x0 - ::1 64223 %%1833 - - - %%1843 0x0 %%1842 " 2022-02-16T14:37:19.637257+04:00,1645007839.637257,4624,02694W-WIN10$,THREEBEESCO.COM,3,Kerberos,172.16.66.25,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2988522 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-84104 02694W-WIN10$ THREEBEESCO.COM 0x567343 3 Kerberos Kerberos - 429CA5A3-EDFC-5657-17C3-C050C7B047F4 - - 0 0x0 - 172.16.66.25 50250 %%1840 - - - %%1843 0x0 %%1842 " 2020-09-23T20:50:17.200140+04:00,1600879817.20014,4624,Administrator,3B,3,NtLmSsp,172.16.66.37,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 772611 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-500 Administrator 3B 0x1137987 3 NtLmSsp NTLM - 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.37 50107 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-23T20:50:17.194314+04:00,1600879817.194314,4624,SYSTEM,NT AUTHORITY,5,Advapi,-,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 772609 Security 01566s-win16-ir.threebeesco.com S-1-5-18 01566S-WIN16-IR$ 3B 0x3e7 S-1-5-18 SYSTEM NT AUTHORITY 0x3e7 5 Advapi Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x244 C:\Windows\System32\services.exe - - %%1833 - - - %%1843 0x0 %%1842 " 2020-09-23T20:50:16.702981+04:00,1600879816.702981,4624,Administrator,3B,3,NtLmSsp,172.16.66.37,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 772607 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-500 Administrator 3B 0x1136e95 3 NtLmSsp NTLM - 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.37 50106 %%1833 - - - %%1843 0x0 %%1842 " 2019-02-13T22:04:58.363696+04:00,1550081098.363696,4624,admin01,EXAMPLE,10,User32,127.0.0.1,PC01,PC01.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 227762 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 S-1-5-21-1587066498-1489273250-1035260531-1108 admin01 EXAMPLE 0x14a321 10 User32 Negotiate PC01 AF83A89C-C68A-5397-5AC6-24A0C4D2BAF6 - - 0 0x4b8 C:\Windows\System32\winlogon.exe 127.0.0.1 49274 " 2019-02-13T22:04:57.462400+04:00,1550081097.4624,4624,admin01,EXAMPLE,3,NtLmSsp,-,PC02,PC01.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 227747 Security PC01.example.corp S-1-0-0 - - 0x0 S-1-5-21-1587066498-1489273250-1035260531-1108 admin01 EXAMPLE 0x148f5d 3 NtLmSsp NTLM PC02 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - - - " 2019-02-13T22:04:45.905783+04:00,1550081085.905783,4624,admin01,EXAMPLE,3,NtLmSsp,-,PC02,PC01.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 227740 Security PC01.example.corp S-1-0-0 - - 0x0 S-1-5-21-1587066498-1489273250-1035260531-1108 admin01 EXAMPLE 0x14871d 3 NtLmSsp NTLM PC02 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - - - " 2019-02-13T22:02:05.418087+04:00,1550080925.418087,4624,user01,EXAMPLE,7,Negotiat,-,PC01,PC01.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 227708 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 S-1-5-21-1587066498-1489273250-1035260531-1106 user01 EXAMPLE 0x1414d9 7 Negotiat Negotiate PC01 42DAF7A9-F185-F292-0EBD-B86A26624D31 - - 0 0x208 C:\Windows\System32\lsass.exe - - " 2019-02-13T22:02:04.436676+04:00,1550080924.436676,4624,user01,EXAMPLE,11,User32,127.0.0.1,PC01,PC01.example.corp,Security," 4624 0 0 12544 0 0x8020000000000000 227701 Security PC01.example.corp S-1-5-18 PC01$ EXAMPLE 0x3e7 S-1-5-21-1587066498-1489273250-1035260531-1106 user01 EXAMPLE 0x1414c8 11 User32 Negotiate PC01 00000000-0000-0000-0000-000000000000 - - 0 0x704 C:\Windows\System32\winlogon.exe 127.0.0.1 0 " 2021-12-07T21:33:01.619364+04:00,1638898381.619364,4624,IEUser,MSEDGEWIN10,9,seclogo,::1,-,MSEDGEWIN10,Security," 4624 2 0 12544 0 0x8020000000000000 329918 Security MSEDGEWIN10 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x53ca2 S-1-5-21-3461203602-4096304019-2269080069-1000 IEUser MSEDGEWIN10 0x16e3db3 9 seclogo Negotiate - 00000000-0000-0000-0000-000000000000 - - 0 0x1bc4 C:\Windows\System32\svchost.exe ::1 0 %%1833 - MalseclogonUser MalseclogonDomain %%1843 0x0 %%1842 " 2022-05-01T08:42:00.800072+04:00,1651380120.800072,4624,Administrator,WINLAB.LOCAL,3,Kerberos,192.168.1.219,-,wind10.winlab.local,Security," 4624 2 0 12544 0 0x8020000000000000 21373 Security wind10.winlab.local S-1-0-0 - - 0x0 S-1-5-21-81107902-1099128984-1836738286-500 Administrator WINLAB.LOCAL 0x82215a 3 Kerberos Kerberos - 59CEFB69-4F9D-7486-C449-471E00B814E3 - - 0 0x0 - 192.168.1.219 63652 %%1833 - - - %%1843 0x0 %%1842 " 2022-05-01T08:41:54.272334+04:00,1651380114.272334,4624,Administrator,WINLAB.LOCAL,3,Kerberos,192.168.1.219,-,wind10.winlab.local,Security," 4624 2 0 12544 0 0x8020000000000000 21371 Security wind10.winlab.local S-1-0-0 - - 0x0 S-1-5-21-81107902-1099128984-1836738286-500 Administrator WINLAB.LOCAL 0x821f28 3 Kerberos Kerberos - 59CEFB69-4F9D-7486-C449-471E00B814E3 - - 0 0x0 - 192.168.1.219 63652 %%1833 - - - %%1843 0x0 %%1842 " 2022-05-01T08:41:47.653255+04:00,1651380107.653255,4624,Administrator,WINLAB.LOCAL,3,Kerberos,192.168.1.219,-,wind10.winlab.local,Security," 4624 2 0 12544 0 0x8020000000000000 21369 Security wind10.winlab.local S-1-0-0 - - 0x0 S-1-5-21-81107902-1099128984-1836738286-500 Administrator WINLAB.LOCAL 0x821aab 3 Kerberos Kerberos - 59CEFB69-4F9D-7486-C449-471E00B814E3 - - 0 0x0 - 192.168.1.219 63652 %%1833 - - - %%1843 0x0 %%1842 " 2022-05-01T08:41:37.642369+04:00,1651380097.642369,4624,Administrator,WINLAB.LOCAL,3,Kerberos,192.168.1.219,-,wind10.winlab.local,Security," 4624 2 0 12544 0 0x8020000000000000 21367 Security wind10.winlab.local S-1-0-0 - - 0x0 S-1-5-21-81107902-1099128984-1836738286-500 Administrator WINLAB.LOCAL 0x820d61 3 Kerberos Kerberos - 59CEFB69-4F9D-7486-C449-471E00B814E3 - - 0 0x0 - 192.168.1.219 63640 %%1833 - - - %%1843 0x0 %%1842 " 2019-11-15T12:19:17.134469+04:00,1573805957.134469,4624,ANONYMOUS LOGON,NT AUTHORITY,3,NtLmSsp,127.0.0.1,-,alice.insecurebank.local,Security," 4624 1 0 12544 0 0x8020000000000000 25049 Security alice.insecurebank.local S-1-0-0 - - 0x0 S-1-5-7 ANONYMOUS LOGON NT AUTHORITY 0x1d12916 3 NtLmSsp NTLM - 00000000-0000-0000-0000-000000000000 - NTLM V1 128 0x0 - 127.0.0.1 59336 %%1833 " 1601-01-01T04:00:00+04:00,-11644473600.0,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2171296 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x21aadb8 3 Kerberos Kerberos - 860D1189-6C67-C57B-59ED-C0676A052019 - - 0 0x0 - ::1 62863 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-02T15:47:57.263194+04:00,1599047277.263194,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2171295 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x21aad4a 3 Kerberos Kerberos - 860D1189-6C67-C57B-59ED-C0676A052019 - - 0 0x0 - ::1 62862 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-02T15:47:57.252932+04:00,1599047277.252932,4624,01566S-WIN16-IR$,THREEBEESCO.COM,3,Kerberos,::1,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2171294 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-18 01566S-WIN16-IR$ THREEBEESCO.COM 0x21aa47f 3 Kerberos Kerberos - 27FCE179-F80F-F6A6-7DF4-C247E783B072 - - 0 0x0 - ::1 62860 %%1840 - - - %%1843 0x0 %%1842 " 2020-09-02T15:47:48.959767+04:00,1599047268.959767,4624,a-jbrown,THREEBEESCO.COM,3,Kerberos,172.16.66.142,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2171292 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-1106 a-jbrown THREEBEESCO.COM 0x21a8c9a 3 Kerberos Kerberos - 467413FE-B054-D9AE-C758-B41105A3ECA9 - - 0 0x0 - 172.16.66.142 60726 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-02T15:47:48.842119+04:00,1599047268.842119,4624,a-jbrown,THREEBEESCO.COM,3,Kerberos,172.16.66.142,-,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2171291 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-1106 a-jbrown THREEBEESCO.COM 0x21a8c80 3 Kerberos Kerberos - 467413FE-B054-D9AE-C758-B41105A3ECA9 - - 0 0x0 - 172.16.66.142 60728 %%1833 - - - %%1843 0x0 %%1842 " 2020-09-02T15:47:48.823276+04:00,1599047268.823276,4624,a-jbrown,3B,3,NtLmSsp,172.16.66.142,04246W-WIN10,01566s-win16-ir.threebeesco.com,Security," 4624 2 0 12544 0 0x8020000000000000 2171290 Security 01566s-win16-ir.threebeesco.com S-1-0-0 - - 0x0 S-1-5-21-308926384-506822093-3341789130-1106 a-jbrown 3B 0x21a8c68 3 NtLmSsp NTLM 04246W-WIN10 00000000-0000-0000-0000-000000000000 - NTLM V2 128 0x0 - 172.16.66.142 60726 %%1833 - - - %%1843 0x0 %%1842 "