new-events.json

{"Event":{"EventData":{"CommandLine":"powershell -Command -","Company":"Microsoft Corporation","CurrentDirectory":"\\\\vboxsvr\\test\\","Description":"Windows PowerShell","FileVersion":"10.0.14393.0 (rs1_release.160715-1616)","Hashes":"SHA1=044A0CF1F6BC478A7172BF207EEF1E201A18BA02","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","IntegrityLevel":"High","LogonGuid":"{B2796A13-A39F-5B00-0000-0020190B3200}","LogonId":"0x320b19","ParentCommandLine":"\"\\\\vboxsvr\\test\\release\\windows\\whids-v1.2-amd64.exe\" -dns -c all -r .\\all.gen","ParentImage":"\\\\vboxsvr\\test\\release\\windows\\whids-v1.2-amd64.exe","ParentProcessGuid":"{B2796A13-C047-5B23-0000-001060EC1902}","ParentProcessId":"6256","ProcessGuid":"{B2796A13-C049-5B23-0000-00107F2B1A02}","ProcessId":"4760","Product":"Microsoft® Windows® Operating System","TerminalSessionId":"1","User":"DESKTOP-5SUA567\\Gen Eric","UtcTime":"2018-06-15 13:34:01.745"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"1","EventRecordID":"5657","Execution":{"ProcessID":"6732","ThreadID":"4824"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"1","TimeCreated":{"SystemTime":"2018-06-15T13:34:01.757594100Z"},"Version":"5"}}}
{"Event":{"EventData":{"CommandLine":"ipconfig.exe /flushdns","Company":"Microsoft Corporation","CurrentDirectory":"\\\\vboxsvr\\test\\","Description":"IP Configuration Utility","FileVersion":"10.0.14393.0 (rs1_release.160715-1616)","Hashes":"SHA1=A95BEAA8B81FD799DB6051A79D959908FFBDB22F","Image":"C:\\Windows\\System32\\ipconfig.exe","IntegrityLevel":"High","LogonGuid":"{B2796A13-A39F-5B00-0000-0020190B3200}","LogonId":"0x320b19","ParentCommandLine":"\"\\\\vboxsvr\\test\\release\\windows\\whids-v1.2-amd64.exe\" -dns -c all -r .\\all.gen","ParentImage":"\\\\vboxsvr\\test\\release\\windows\\whids-v1.2-amd64.exe","ParentProcessGuid":"{B2796A13-C047-5B23-0000-001060EC1902}","ParentProcessId":"6256","ProcessGuid":"{B2796A13-C049-5B23-0000-0010932D1A02}","ProcessId":"6304","Product":"Microsoft® Windows® Operating System","TerminalSessionId":"1","User":"DESKTOP-5SUA567\\Gen Eric","UtcTime":"2018-06-15 13:34:01.802"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"1","EventRecordID":"5658","Execution":{"ProcessID":"6732","ThreadID":"4824"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"1","TimeCreated":{"SystemTime":"2018-06-15T13:34:01.822500800Z"},"Version":"5"}}}
{"Event":{"EventData":{"Image":"C:\\Windows\\System32\\ipconfig.exe","ProcessGuid":"{B2796A13-C049-5B23-0000-0010932D1A02}","ProcessId":"6304","UtcTime":"2018-06-15 13:34:01.886"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"5","EventRecordID":"5659","Execution":{"ProcessID":"6732","ThreadID":"4824"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"5","TimeCreated":{"SystemTime":"2018-06-15T13:34:01.897238800Z"},"Version":"3"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"sls.update.microsoft.com","QueryOptions":"1073897472","QueryType":"28","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36399","Execution":{"ProcessID":"1044","ThreadID":"6480"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:05.329385700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"sls.update.microsoft.com","QueryOptions":"1073766400","QueryType":"1","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36400","Execution":{"ProcessID":"1044","ThreadID":"972"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:05.332478900Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"sls.update.microsoft.com","QueryOptions":"1073766400","QueryResults":"","QueryStatus":"87","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36401","Execution":{"ProcessID":"1044","ThreadID":"972"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:05.332486100Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"sls.update.microsoft.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36402","Execution":{"ProcessID":"1044","ThreadID":"6480"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:05.334495000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"sls.update.microsoft.com","QueryOptions":"1073897472","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36403","Execution":{"ProcessID":"1044","ThreadID":"6480"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:05.334507000Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"sls.update.microsoft.com","QueryOptions":"1073897472","QueryResults":"","QueryType":"1","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36404","Execution":{"ProcessID":"1044","ThreadID":"6480"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:05.334677100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"sls.update.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36405","Execution":{"ProcessID":"1044","ThreadID":"6480"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:05.334705600Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"sls.update.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36406","Execution":{"ProcessID":"1044","ThreadID":"6480"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:05.334742600Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"sls.update.microsoft.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36407","Execution":{"ProcessID":"1044","ThreadID":"6480"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:05.335181700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"sls.update.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36408","Execution":{"ProcessID":"1044","ThreadID":"972"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:05.335949300Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"sls.update.microsoft.com","QueryResults":"","QueryType":"1","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36409","Execution":{"ProcessID":"1044","ThreadID":"972"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:05.335975100Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"sls.update.microsoft.com","QueryType":"1","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36410","Execution":{"ProcessID":"1044","ThreadID":"972"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:05.350755100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"sls.update.microsoft.com","QueryResults":"type:  5 sls.update.microsoft.com.nsatc.net;13.74.179.117;","QueryType":"1","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36411","Execution":{"ProcessID":"1044","ThreadID":"972"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:05.350869400Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"sls.update.microsoft.com","QueryOptions":"1074421760","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36412","Execution":{"ProcessID":"1044","ThreadID":"972"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:05.350924700Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"sls.update.microsoft.com","QueryOptions":"1074421760","QueryResults":"","QueryType":"28","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36413","Execution":{"ProcessID":"1044","ThreadID":"972"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:05.351091100Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"sls.update.microsoft.com","QueryOptions":"1073897472","QueryResults":"type:  5 sls.update.microsoft.com.nsatc.net;::ffff:13.74.179.117;","QueryStatus":"0","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36414","Execution":{"ProcessID":"1044","ThreadID":"6480"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:05.351223200Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1073897472","QueryType":"28","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36415","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:06.898033100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1073766400","QueryType":"1","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36416","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:06.898059000Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1073766400","QueryResults":"","QueryStatus":"87","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36417","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:06.898068400Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36418","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:06.903946100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1073897472","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36419","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:06.903959900Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1073897472","QueryResults":"","QueryType":"1","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36420","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:06.904157100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36421","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:06.904197700Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"v10.vortex-win.data.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36422","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:06.904228100Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"v10.vortex-win.data.microsoft.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36423","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:06.904763100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"v10.vortex-win.data.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36424","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:06.904851000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryResults":"","QueryType":"1","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36425","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:06.904876000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"fe2.update.microsoft.com","QueryOptions":"1073897472","QueryType":"28","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36426","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.021614400Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"fe2.update.microsoft.com","QueryOptions":"1073766400","QueryType":"1","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36427","Execution":{"ProcessID":"1044","ThreadID":"6480"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.021666200Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"fe2.update.microsoft.com","QueryOptions":"1073766400","QueryResults":"","QueryStatus":"87","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36428","Execution":{"ProcessID":"1044","ThreadID":"6480"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.021675100Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"fe2.update.microsoft.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36429","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.022691600Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"fe2.update.microsoft.com","QueryOptions":"1073897472","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36430","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.022703600Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"fe2.update.microsoft.com","QueryOptions":"1073897472","QueryResults":"","QueryType":"1","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36431","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.022900900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"fe2.update.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36432","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.022929000Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"fe2.update.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36433","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.022960700Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"fe2.update.microsoft.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36434","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.023344400Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"fe2.update.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36435","Execution":{"ProcessID":"1044","ThreadID":"6480"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.023390800Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"fe2.update.microsoft.com","QueryResults":"","QueryType":"1","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36436","Execution":{"ProcessID":"1044","ThreadID":"6480"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.023418500Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"fe2.update.microsoft.com","QueryType":"1","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36437","Execution":{"ProcessID":"1044","ThreadID":"972"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.071709900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"fe2.update.microsoft.com","QueryResults":"type:  5 fe2.update.microsoft.com.nsatc.net;23.103.189.158;134.170.58.121;65.55.163.221;","QueryType":"1","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36438","Execution":{"ProcessID":"1044","ThreadID":"972"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.071858000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"fe2.update.microsoft.com","QueryOptions":"1074421760","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36439","Execution":{"ProcessID":"1044","ThreadID":"972"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.071863800Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"fe2.update.microsoft.com","QueryOptions":"1074421760","QueryResults":"","QueryType":"28","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36440","Execution":{"ProcessID":"1044","ThreadID":"972"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.072244000Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"fe2.update.microsoft.com","QueryOptions":"1073897472","QueryResults":"type:  5 fe2.update.microsoft.com.nsatc.net;::ffff:23.103.189.158;::ffff:134.170.58.121;::ffff:65.55.163.221;","QueryStatus":"0","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36441","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.072322500Z"},"Version":"0"}}}
{"Event":{"EventData":{"DestinationHostname":"","DestinationIp":"13.74.179.117","DestinationIsIpv6":"false","DestinationPort":"443","DestinationPortName":"https","Image":"C:\\Windows\\System32\\svchost.exe","Initiated":"true","ProcessGuid":"{B2796A13-A339-5B00-0000-001040000100}","ProcessId":"1044","Protocol":"tcp","SourceHostname":"DESKTOP-5SUA567.lan","SourceIp":"10.0.2.15","SourceIsIpv6":"false","SourcePort":"52234","SourcePortName":"","User":"NT AUTHORITY\\SYSTEM","UtcTime":"2018-05-23 06:02:42.396"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5660","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:06.418083100Z"},"Version":"5"}}}
{"Event":{"EventData":{"Image":"C:\\Windows\\System32\\SppExtComObj.Exe","ProcessGuid":"{B2796A13-C029-5B23-0000-0010F4901502}","ProcessId":"2520","UtcTime":"2018-06-15 13:34:07.089"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"5","EventRecordID":"5661","Execution":{"ProcessID":"6732","ThreadID":"4824"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"5","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.092483600Z"},"Version":"3"}}}
{"Event":{"EventData":{"Image":"C:\\Windows\\System32\\sppsvc.exe","ProcessGuid":"{B2796A13-C027-5B23-0000-001011311502}","ProcessId":"2656","UtcTime":"2018-06-15 13:34:07.089"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"5","EventRecordID":"5662","Execution":{"ProcessID":"6732","ThreadID":"4824"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"5","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.099396100Z"},"Version":"3"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"v10.vortex-win.data.microsoft.com","QueryType":"1","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36442","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.210384000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryResults":"type:  5 v10-win.vortex.data.microsoft.com.akadns.net;type:  5 geo.vortex.data.microsoft.com.akadns.net;type:  5 db5.vortex.data.microsoft.com.akadns.net;111.221.29.254;","QueryType":"1","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36443","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.210519600Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1074421760","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36444","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.210528500Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1074421760","QueryResults":"","QueryType":"28","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36445","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.210758300Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1073897472","QueryResults":"type:  5 v10-win.vortex.data.microsoft.com.akadns.net;type:  5 geo.vortex.data.microsoft.com.akadns.net;type:  5 db5.vortex.data.microsoft.com.akadns.net;::ffff:111.221.29.254;","QueryStatus":"0","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36446","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:07.210910100Z"},"Version":"0"}}}
{"Event":{"EventData":{"DestinationHostname":"","DestinationIp":"23.103.189.158","DestinationIsIpv6":"false","DestinationPort":"443","DestinationPortName":"https","Image":"C:\\Windows\\System32\\svchost.exe","Initiated":"true","ProcessGuid":"{B2796A13-A339-5B00-0000-001040000100}","ProcessId":"1044","Protocol":"tcp","SourceHostname":"DESKTOP-5SUA567.lan","SourceIp":"10.0.2.15","SourceIsIpv6":"false","SourcePort":"52235","SourcePortName":"","User":"NT AUTHORITY\\SYSTEM","UtcTime":"2018-05-23 06:02:44.239"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5663","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:08.450722400Z"},"Version":"5"}}}
{"Event":{"EventData":{"DestinationHostname":"","DestinationIp":"111.221.29.254","DestinationIsIpv6":"false","DestinationPort":"443","DestinationPortName":"https","Image":"C:\\Windows\\System32\\svchost.exe","Initiated":"true","ProcessGuid":"{B2796A13-A33B-5B00-0000-00104E490100}","ProcessId":"1652","Protocol":"tcp","SourceHostname":"DESKTOP-5SUA567.lan","SourceIp":"10.0.2.15","SourceIsIpv6":"false","SourcePort":"52236","SourcePortName":"","User":"NT AUTHORITY\\SYSTEM","UtcTime":"2018-05-23 06:02:44.515"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5664","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:08.715468700Z"},"Version":"5"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"sls.update.microsoft.com","QueryOptions":"1073897472","QueryType":"28","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36447","Execution":{"ProcessID":"1044","ThreadID":"7112"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.162428700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"sls.update.microsoft.com","QueryOptions":"1073766400","QueryType":"1","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36448","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.162430900Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"sls.update.microsoft.com","QueryOptions":"1073766400","QueryResults":"","QueryStatus":"87","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36449","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.162439400Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"sls.update.microsoft.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36450","Execution":{"ProcessID":"1044","ThreadID":"7112"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.163487600Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"sls.update.microsoft.com","QueryOptions":"1073897472","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36451","Execution":{"ProcessID":"1044","ThreadID":"7112"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.163499200Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"sls.update.microsoft.com","QueryOptions":"1073897472","QueryResults":"","QueryType":"1","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36452","Execution":{"ProcessID":"1044","ThreadID":"7112"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.163681700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"sls.update.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36453","Execution":{"ProcessID":"1044","ThreadID":"7112"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.163709300Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"sls.update.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36454","Execution":{"ProcessID":"1044","ThreadID":"7112"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.163740100Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"sls.update.microsoft.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36455","Execution":{"ProcessID":"1044","ThreadID":"7112"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.164128800Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"sls.update.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36456","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.164190800Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"sls.update.microsoft.com","QueryResults":"","QueryType":"1","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36457","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.164218500Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"sls.update.microsoft.com","QueryType":"1","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36458","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.181872600Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"sls.update.microsoft.com","QueryResults":"type:  5 sls.update.microsoft.com.nsatc.net;13.74.179.117;","QueryType":"1","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36459","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.182044900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"sls.update.microsoft.com","QueryOptions":"1074421760","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36460","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.182054300Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"sls.update.microsoft.com","QueryOptions":"1074421760","QueryResults":"","QueryType":"28","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36461","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.182352800Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"sls.update.microsoft.com","QueryOptions":"1073897472","QueryResults":"type:  5 sls.update.microsoft.com.nsatc.net;::ffff:13.74.179.117;","QueryStatus":"0","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36462","Execution":{"ProcessID":"1044","ThreadID":"7112"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.182514300Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"fe2.update.microsoft.com","QueryOptions":"1073897472","QueryType":"28","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36463","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.772540600Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"fe2.update.microsoft.com","QueryOptions":"1073766400","QueryType":"1","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36464","Execution":{"ProcessID":"1044","ThreadID":"7112"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.772559300Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"fe2.update.microsoft.com","QueryOptions":"1073766400","QueryResults":"","QueryStatus":"87","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36465","Execution":{"ProcessID":"1044","ThreadID":"7112"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.772568300Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"fe2.update.microsoft.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36466","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.773471400Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"fe2.update.microsoft.com","QueryOptions":"1073897472","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36467","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.773482100Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"fe2.update.microsoft.com","QueryOptions":"1073897472","QueryResults":"","QueryType":"1","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36468","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.773728000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"fe2.update.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36469","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.773761000Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"fe2.update.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36470","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.773793200Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"fe2.update.microsoft.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36471","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.774410700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"fe2.update.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36472","Execution":{"ProcessID":"1044","ThreadID":"7112"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.774516100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"fe2.update.microsoft.com","QueryResults":"","QueryType":"1","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36473","Execution":{"ProcessID":"1044","ThreadID":"7112"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.774549100Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"fe2.update.microsoft.com","QueryType":"1","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36474","Execution":{"ProcessID":"1044","ThreadID":"7112"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.790930100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"fe2.update.microsoft.com","QueryResults":"type:  5 fe2.update.microsoft.com.nsatc.net;191.234.72.188;134.170.58.125;191.232.80.60;","QueryType":"1","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36475","Execution":{"ProcessID":"1044","ThreadID":"7112"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.791146000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"fe2.update.microsoft.com","QueryOptions":"1074421760","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36476","Execution":{"ProcessID":"1044","ThreadID":"7112"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.791155000Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"fe2.update.microsoft.com","QueryOptions":"1074421760","QueryResults":"","QueryType":"28","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36477","Execution":{"ProcessID":"1044","ThreadID":"7112"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.791542700Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"fe2.update.microsoft.com","QueryOptions":"1073897472","QueryResults":"type:  5 fe2.update.microsoft.com.nsatc.net;::ffff:191.234.72.188;::ffff:134.170.58.125;::ffff:191.232.80.60;","QueryStatus":"0","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36478","Execution":{"ProcessID":"1044","ThreadID":"6664"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:10.791735500Z"},"Version":"0"}}}
{"Event":{"EventData":{"DestinationHostname":"","DestinationIp":"13.74.179.117","DestinationIsIpv6":"false","DestinationPort":"443","DestinationPortName":"https","Image":"C:\\Windows\\System32\\svchost.exe","Initiated":"true","ProcessGuid":"{B2796A13-A339-5B00-0000-001040000100}","ProcessId":"1044","Protocol":"tcp","SourceHostname":"DESKTOP-5SUA567.lan","SourceIp":"10.0.2.15","SourceIsIpv6":"false","SourcePort":"52237","SourcePortName":"","User":"NT AUTHORITY\\SYSTEM","UtcTime":"2018-05-23 06:02:47.230"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5665","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:11.558248000Z"},"Version":"5"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1073897472","QueryType":"28","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36479","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:11.769621300Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1073766400","QueryType":"1","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36480","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:11.770399100Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1073766400","QueryResults":"","QueryStatus":"87","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36481","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:11.770409400Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36482","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:11.771222400Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1073897472","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36483","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:11.771241100Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1073897472","QueryResults":"","QueryType":"1","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36484","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:11.771536600Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36485","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:11.771581600Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"v10.vortex-win.data.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36486","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:11.771621800Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"v10.vortex-win.data.microsoft.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36487","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:11.772159900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"v10.vortex-win.data.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36488","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:11.772226900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryResults":"","QueryType":"1","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36489","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:11.772257700Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"v10.vortex-win.data.microsoft.com","QueryType":"1","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36490","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:11.917963400Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryResults":"type:  5 v10-win.vortex.data.microsoft.com.akadns.net;type:  5 geo.vortex.data.microsoft.com.akadns.net;type:  5 db5.vortex.data.microsoft.com.akadns.net;64.4.54.254;","QueryType":"1","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36491","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:11.918157100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1074421760","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36492","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:11.918166900Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1074421760","QueryResults":"","QueryType":"28","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36493","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:11.918446700Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1073897472","QueryResults":"type:  5 v10-win.vortex.data.microsoft.com.akadns.net;type:  5 geo.vortex.data.microsoft.com.akadns.net;type:  5 db5.vortex.data.microsoft.com.akadns.net;::ffff:64.4.54.254;","QueryStatus":"0","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36494","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:11.918502900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"188.72.234.191.in-addr.arpa.","QueryOptions":"1073872896","QueryType":"12","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36495","Execution":{"ProcessID":"6732","ThreadID":"1736"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:12.387367800Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"188.72.234.191.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36496","Execution":{"ProcessID":"6732","ThreadID":"1736"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:12.393222800Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"188.72.234.191.in-addr.arpa.","QueryOptions":"1073872896","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36497","Execution":{"ProcessID":"6732","ThreadID":"1736"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:12.393246400Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"188.72.234.191.in-addr.arpa.","QueryOptions":"1073872896","QueryResults":"","QueryType":"12","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36498","Execution":{"ProcessID":"6732","ThreadID":"1736"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:12.393654700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"188.72.234.191.in-addr.arpa.","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36499","Execution":{"ProcessID":"6732","ThreadID":"1736"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:12.393691300Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"188.72.234.191.in-addr.arpa","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36500","Execution":{"ProcessID":"6732","ThreadID":"1736"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:12.393738600Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"188.72.234.191.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36501","Execution":{"ProcessID":"6732","ThreadID":"1736"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:12.394620300Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"188.72.234.191.in-addr.arpa.","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36502","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:12.394850200Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"188.72.234.191.in-addr.arpa.","QueryResults":"","QueryType":"12","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36503","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:12.394896100Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","InterfaceCount":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"0","QueryName":"188.72.234.191.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3012","EventRecordID":"36504","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:12.394932300Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"188.72.234.191.in-addr.arpa.","QueryResults":"","Status":"123"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3013","EventRecordID":"36505","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:12.395198200Z"},"Version":"0"}}}
{"Event":{"EventData":{"Address":"02000035D043DEDE0000000000000000","AddressLength":"16","QueryName":"188.72.234.191.in-addr.arpa"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"1016","EventRecordID":"36506","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"1016","TimeCreated":{"SystemTime":"2018-06-15T13:34:12.409016100Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"188.72.234.191.in-addr.arpa","QueryType":"12","ResponseStatus":"9003"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36507","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:12.409034400Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"188.72.234.191.in-addr.arpa.","QueryResults":"","QueryType":"12","Status":"9003"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36508","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:12.409190600Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","InterfaceCount":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"188.72.234.191.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3012","EventRecordID":"36509","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:12.409244600Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"188.72.234.191.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3014","EventRecordID":"36510","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:12.409517200Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"188.72.234.191.in-addr.arpa.","QueryResults":"","Status":"121"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3013","EventRecordID":"36511","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:12.409597600Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"188.72.234.191.in-addr.arpa.","QueryOptions":"1073872896","QueryResults":"","QueryStatus":"9003","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36512","Execution":{"ProcessID":"6732","ThreadID":"1736"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:12.409660500Z"},"Version":"0"}}}
{"Event":{"EventData":{"DestinationHostname":"","DestinationIp":"191.234.72.188","DestinationIsIpv6":"false","DestinationPort":"443","DestinationPortName":"https","Image":"C:\\Windows\\System32\\svchost.exe","Initiated":"true","ProcessGuid":"{B2796A13-A339-5B00-0000-001040000100}","ProcessId":"1044","Protocol":"tcp","SourceHostname":"DESKTOP-5SUA567.lan","SourceIp":"10.0.2.15","SourceIsIpv6":"false","SourcePort":"52238","SourcePortName":"","User":"NT AUTHORITY\\SYSTEM","UtcTime":"2018-05-23 06:02:47.906"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5666","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:12.573970900Z"},"Version":"5"}}}
{"Event":{"EventData":{"DestinationHostname":"","DestinationIp":"64.4.54.254","DestinationIsIpv6":"false","DestinationPort":"443","DestinationPortName":"https","Image":"C:\\Windows\\System32\\svchost.exe","Initiated":"true","ProcessGuid":"{B2796A13-A33B-5B00-0000-00104E490100}","ProcessId":"1652","Protocol":"tcp","SourceHostname":"DESKTOP-5SUA567.lan","SourceIp":"10.0.2.15","SourceIsIpv6":"false","SourcePort":"52239","SourcePortName":"","User":"NT AUTHORITY\\SYSTEM","UtcTime":"2018-05-23 06:02:49.070"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5667","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:13.590589800Z"},"Version":"5"}}}
{"Event":{"EventData":{"Image":"C:\\Windows\\System32\\CompatTelRunner.exe","ProcessGuid":"{B2796A13-C02A-5B23-0000-0010F3D61502}","ProcessId":"4380","UtcTime":"2018-06-15 13:34:14.448"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"5","EventRecordID":"5668","Execution":{"ProcessID":"6732","ThreadID":"4824"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"5","TimeCreated":{"SystemTime":"2018-06-15T13:34:14.463442200Z"},"Version":"3"}}}
{"Event":{"EventData":{"CommandLine":"C:\\Windows\\system32\\CompatTelRunner.exe -m:appraiser.dll -f:UpdateAvStatus -cv:wXVItb7BOUaOa7RJ.3","Company":"Microsoft Corporation","CurrentDirectory":"C:\\Windows\\system32\\","Description":"Microsoft Compatibility Telemetry","FileVersion":"10.0.15156.1008 (WinBuild.160101.0800)","Hashes":"SHA1=6D375871493B472BB73BFB17CF8153A3F313C6F4","Image":"C:\\Windows\\System32\\CompatTelRunner.exe","IntegrityLevel":"System","LogonGuid":"{B2796A13-21C7-5B01-0000-0020E7030000}","LogonId":"0x3e7","ParentCommandLine":"C:\\Windows\\system32\\compattelrunner.exe","ParentImage":"C:\\Windows\\System32\\CompatTelRunner.exe","ParentProcessGuid":"{B2796A13-C029-5B23-0000-00106E981502}","ParentProcessId":"844","ProcessGuid":"{B2796A13-C056-5B23-0000-0010477C1B02}","ProcessId":"4368","Product":"Microsoft® Windows® Operating System","TerminalSessionId":"0","User":"NT AUTHORITY\\SYSTEM","UtcTime":"2018-06-15 13:34:14.474"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"1","EventRecordID":"5669","Execution":{"ProcessID":"6732","ThreadID":"4824"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"1","TimeCreated":{"SystemTime":"2018-06-15T13:34:14.483084300Z"},"Version":"5"}}}
{"Event":{"EventData":{"Image":"C:\\Windows\\System32\\CompatTelRunner.exe","ProcessGuid":"{B2796A13-C056-5B23-0000-0010477C1B02}","ProcessId":"4368","UtcTime":"2018-06-15 13:34:14.698"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"5","EventRecordID":"5670","Execution":{"ProcessID":"6732","ThreadID":"4824"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"5","TimeCreated":{"SystemTime":"2018-06-15T13:34:14.699319700Z"},"Version":"3"}}}
{"Event":{"EventData":{"Image":"C:\\Windows\\System32\\CompatTelRunner.exe","ProcessGuid":"{B2796A13-C029-5B23-0000-00106E981502}","ProcessId":"844","UtcTime":"2018-06-15 13:34:14.698"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"5","EventRecordID":"5671","Execution":{"ProcessID":"6732","ThreadID":"4824"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"5","TimeCreated":{"SystemTime":"2018-06-15T13:34:14.707677600Z"},"Version":"3"}}}
{"Event":{"EventData":{"Image":"C:\\Windows\\System32\\conhost.exe","ProcessGuid":"{B2796A13-C02A-5B23-0000-001014B81502}","ProcessId":"6080","UtcTime":"2018-06-15 13:34:14.698"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"5","EventRecordID":"5672","Execution":{"ProcessID":"6732","ThreadID":"4824"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"5","TimeCreated":{"SystemTime":"2018-06-15T13:34:14.709776200Z"},"Version":"3"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1073766400","QueryType":"1","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36513","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:15.049968200Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1073897472","QueryType":"28","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36514","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:15.049972300Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1073766400","QueryResults":"","QueryStatus":"87","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36515","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:15.049985200Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36516","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:15.051985200Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1073897472","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36517","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:15.052006200Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1073897472","QueryResults":"","QueryType":"1","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36518","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:15.052359100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36519","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:15.052410000Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"v10.vortex-win.data.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36520","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:15.052455100Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"v10.vortex-win.data.microsoft.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36521","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:15.053160100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"v10.vortex-win.data.microsoft.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36522","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:15.053311400Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryResults":"","QueryType":"1","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36523","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:15.053363600Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"v10.vortex-win.data.microsoft.com","QueryType":"1","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36524","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:15.069381000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryResults":"type:  5 v10-win.vortex.data.microsoft.com.akadns.net;type:  5 geo.vortex.data.microsoft.com.akadns.net;type:  5 db5.vortex.data.microsoft.com.akadns.net;111.221.29.254;","QueryType":"1","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36525","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:15.069626900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1074421760","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36526","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:15.069644300Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1074421760","QueryResults":"","QueryType":"28","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36527","Execution":{"ProcessID":"1652","ThreadID":"6620"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:15.070080700Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"v10.vortex-win.data.microsoft.com","QueryOptions":"1073897472","QueryResults":"type:  5 v10-win.vortex.data.microsoft.com.akadns.net;type:  5 geo.vortex.data.microsoft.com.akadns.net;type:  5 db5.vortex.data.microsoft.com.akadns.net;::ffff:111.221.29.254;","QueryStatus":"0","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36528","Execution":{"ProcessID":"1652","ThreadID":"2180"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:15.070286400Z"},"Version":"0"}}}
{"Event":{"EventData":{"DestinationHostname":"","DestinationIp":"111.221.29.254","DestinationIsIpv6":"false","DestinationPort":"443","DestinationPortName":"https","Image":"C:\\Windows\\System32\\svchost.exe","Initiated":"true","ProcessGuid":"{B2796A13-A33B-5B00-0000-00104E490100}","ProcessId":"1652","Protocol":"tcp","SourceHostname":"DESKTOP-5SUA567.lan","SourceIp":"10.0.2.15","SourceIsIpv6":"false","SourcePort":"52240","SourcePortName":"","User":"NT AUTHORITY\\SYSTEM","UtcTime":"2018-05-23 06:02:52.378"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5673","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:16.465140100Z"},"Version":"5"}}}
{"Event":{"EventData":{"CommandLine":"\"\\\\VBOXSVR\\test\\test-dns.exe\"","Company":"?","CurrentDirectory":"\\\\VBOXSVR\\test\\","Description":"?","FileVersion":"?","Hashes":"SHA1=0717261D425433B6FB242A08443450893B956EDE","Image":"\\\\vboxsvr\\test\\test-dns.exe","IntegrityLevel":"Medium","LogonGuid":"{B2796A13-A39F-5B00-0000-00204D0B3200}","LogonId":"0x320b4d","ParentCommandLine":"\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" ","ParentImage":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","ParentProcessGuid":"{B2796A13-A44C-5B00-0000-0010B6094400}","ParentProcessId":"1496","ProcessGuid":"{B2796A13-C058-5B23-0000-001088871B02}","ProcessId":"4608","Product":"?","TerminalSessionId":"1","User":"DESKTOP-5SUA567\\Gen Eric","UtcTime":"2018-06-15 13:34:16.808"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"1","EventRecordID":"5674","Execution":{"ProcessID":"6732","ThreadID":"4824"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"1","TimeCreated":{"SystemTime":"2018-06-15T13:34:16.873392300Z"},"Version":"5"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"rawsec.be","QueryOptions":"1073766400","QueryType":"1","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36529","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.010604100Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"rawsec.be","QueryOptions":"1073766400","QueryResults":"","QueryStatus":"87","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36530","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.010616200Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"rawsec.be","QueryOptions":"1073897472","QueryType":"28","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36531","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.012126300Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"rawsec.be"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36532","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.024138700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"rawsec.be","QueryOptions":"1073897472","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36533","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.024154700Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"rawsec.be","QueryOptions":"1073897472","QueryResults":"","QueryType":"1","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36534","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.024429600Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"rawsec.be","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36535","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.024503700Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"rawsec.be","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36536","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.024540300Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"rawsec.be"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36537","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.025030700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"rawsec.be","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36538","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.025887500Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"rawsec.be","QueryResults":"","QueryType":"1","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36539","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.025920500Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"rawsec.be","QueryType":"1","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36540","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.168327300Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"rawsec.be","QueryResults":"217.70.184.38;","QueryType":"1","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36541","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.168624500Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"rawsec.be","QueryOptions":"1074421760","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36542","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.168644600Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"rawsec.be","QueryOptions":"1074421760","QueryResults":"","QueryType":"28","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36543","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.169281400Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"rawsec.be","QueryOptions":"1073897472","QueryResults":"::ffff:217.70.184.38;","QueryStatus":"0","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36544","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.169647300Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"rawsec.lu","QueryOptions":"1073766400","QueryType":"1","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36545","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.433490000Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"rawsec.lu","QueryOptions":"1073766400","QueryResults":"","QueryStatus":"87","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36546","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.433500300Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"rawsec.lu","QueryOptions":"1073897472","QueryType":"28","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36547","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.433528900Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"rawsec.lu"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36548","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.435255700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"rawsec.lu","QueryOptions":"1073897472","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36549","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.435277200Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"rawsec.lu","QueryOptions":"1073897472","QueryResults":"","QueryType":"1","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36550","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.435627900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"rawsec.lu","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36551","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.435667200Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"rawsec.lu","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36552","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.435704200Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"rawsec.lu"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36553","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.436573000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"rawsec.lu","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36554","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.436722000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"rawsec.lu","QueryResults":"","QueryType":"1","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36555","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.436747000Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"rawsec.lu","QueryType":"1","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36556","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.637112300Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"rawsec.lu","QueryResults":"62.210.16.62;","QueryType":"1","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36557","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.637201500Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"rawsec.lu","QueryOptions":"1074421760","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36558","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.637209100Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"rawsec.lu","QueryOptions":"1074421760","QueryResults":"","QueryType":"28","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36559","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.637446500Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"rawsec.lu","QueryOptions":"1073897472","QueryResults":"::ffff:62.210.16.62;","QueryStatus":"0","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36560","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:17.637550500Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"rawsec.io","QueryOptions":"1073766400","QueryType":"1","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36561","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.133232800Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"rawsec.io","QueryOptions":"1073766400","QueryResults":"","QueryStatus":"87","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36562","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.133259100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"rawsec.io","QueryOptions":"1073897472","QueryType":"28","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36563","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.133312600Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"rawsec.io"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36564","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.134783900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"rawsec.io","QueryOptions":"1073897472","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36565","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.134797700Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"rawsec.io","QueryOptions":"1073897472","QueryResults":"","QueryType":"1","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36566","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.135098000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"rawsec.io","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36567","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.135124800Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"rawsec.io","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36568","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.135154200Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"rawsec.io"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36569","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.135500500Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"rawsec.io","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36570","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.135563800Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"rawsec.io","QueryResults":"","QueryType":"1","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36571","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.135602200Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"rawsec.io","QueryType":"1","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36572","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.306805600Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"rawsec.io","QueryResults":"217.70.184.38;","QueryType":"1","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36573","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.306909100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"rawsec.io","QueryOptions":"1074421760","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36574","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.306918400Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"rawsec.io","QueryOptions":"1074421760","QueryResults":"","QueryType":"28","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36575","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.307204900Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"rawsec.io","QueryOptions":"1073897472","QueryResults":"::ffff:217.70.184.38;","QueryStatus":"0","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36576","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.307292800Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"rawsec.lu","QueryOptions":"1073766400","QueryType":"1","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36577","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.522493500Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"rawsec.lu","QueryOptions":"1073766400","QueryResults":"","QueryStatus":"87","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36578","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.522516700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"rawsec.lu","QueryOptions":"1073897472","QueryType":"28","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36579","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.522581800Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"rawsec.lu"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36580","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.526549700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"rawsec.lu","QueryOptions":"1073897472","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36581","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.526575100Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"rawsec.lu","QueryOptions":"1073897472","QueryResults":"","QueryType":"1","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36582","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.527176200Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"rawsec.lu","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36583","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.527228400Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"rawsec.lu","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36584","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.527285100Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"rawsec.lu"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36585","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.528470300Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"rawsec.lu","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36586","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.528720600Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"rawsec.lu","QueryResults":"","QueryType":"1","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36587","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.529059700Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"rawsec.lu","QueryType":"1","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36588","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.734432100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"rawsec.lu","QueryResults":"62.210.16.62;","QueryType":"1","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36589","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.734720400Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"rawsec.lu","QueryOptions":"1074421760","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36590","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.734739100Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"rawsec.lu","QueryOptions":"1074421760","QueryResults":"","QueryType":"28","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36591","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.735479000Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"rawsec.lu","QueryOptions":"1073897472","QueryResults":"::ffff:62.210.16.62;","QueryStatus":"0","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36592","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.735868500Z"},"Version":"0"}}}
{"Event":{"EventData":{"DestinationHostname":"","DestinationIp":"d043:dede:0:0:180:500:0:0","DestinationIsIpv6":"true","DestinationPort":"53","DestinationPortName":"domain","Image":"\\\\vboxsvr\\test\\test-dns.exe","Initiated":"true","ProcessGuid":"{B2796A13-C058-5B23-0000-001088871B02}","ProcessId":"4608","Protocol":"udp","SourceHostname":"","SourceIp":"a00:20f:0:0:9820:ca8b:8096:ffff","SourceIsIpv6":"true","SourcePort":"62161","SourcePortName":"","User":"DESKTOP-5SUA567\\Gen Eric","UtcTime":"2018-05-23 06:02:54.035"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5675","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.511888900Z"},"Version":"5"}}}
{"Event":{"EventData":{"DestinationHostname":"resolver1.opendns.com","DestinationIp":"208.67.222.222","DestinationIsIpv6":"false","DestinationPort":"53","DestinationPortName":"domain","Image":"\\\\vboxsvr\\test\\test-dns.exe","Initiated":"false","ProcessGuid":"{B2796A13-C058-5B23-0000-001088871B02}","ProcessId":"4608","Protocol":"udp","SourceHostname":"DESKTOP-5SUA567.lan","SourceIp":"10.0.2.15","SourceIsIpv6":"false","SourcePort":"62161","SourcePortName":"","User":"DESKTOP-5SUA567\\Gen Eric","UtcTime":"2018-05-23 06:02:54.179"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5676","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.511946400Z"},"Version":"5"}}}
{"Event":{"EventData":{"DestinationHostname":"webredir.vip.gandi.net","DestinationIp":"217.70.184.38","DestinationIsIpv6":"false","DestinationPort":"80","DestinationPortName":"http","Image":"\\\\vboxsvr\\test\\test-dns.exe","Initiated":"true","ProcessGuid":"{B2796A13-C058-5B23-0000-001088871B02}","ProcessId":"4608","Protocol":"tcp","SourceHostname":"DESKTOP-5SUA567.lan","SourceIp":"10.0.2.15","SourceIsIpv6":"false","SourcePort":"52241","SourcePortName":"","User":"DESKTOP-5SUA567\\Gen Eric","UtcTime":"2018-05-23 06:02:54.223"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5677","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.511983000Z"},"Version":"5"}}}
{"Event":{"EventData":{"DestinationHostname":"pf-lb-2.online.net","DestinationIp":"62.210.16.62","DestinationIsIpv6":"false","DestinationPort":"443","DestinationPortName":"https","Image":"\\\\vboxsvr\\test\\test-dns.exe","Initiated":"true","ProcessGuid":"{B2796A13-C058-5B23-0000-001088871B02}","ProcessId":"4608","Protocol":"tcp","SourceHostname":"DESKTOP-5SUA567.lan","SourceIp":"10.0.2.15","SourceIsIpv6":"false","SourcePort":"52242","SourcePortName":"","User":"DESKTOP-5SUA567\\Gen Eric","UtcTime":"2018-05-23 06:02:54.689"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5678","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:18.761821200Z"},"Version":"5"}}}
{"Event":{"EventData":{"DestinationHostname":"webredir.vip.gandi.net","DestinationIp":"217.70.184.38","DestinationIsIpv6":"false","DestinationPort":"80","DestinationPortName":"http","Image":"\\\\vboxsvr\\test\\test-dns.exe","Initiated":"true","ProcessGuid":"{B2796A13-C058-5B23-0000-001088871B02}","ProcessId":"4608","Protocol":"tcp","SourceHostname":"DESKTOP-5SUA567.lan","SourceIp":"10.0.2.15","SourceIsIpv6":"false","SourcePort":"52243","SourcePortName":"","User":"DESKTOP-5SUA567\\Gen Eric","UtcTime":"2018-05-23 06:02:55.347"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5679","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:19.543752200Z"},"Version":"5"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"rawsec.lu","QueryOptions":"1073766400","QueryType":"1","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36593","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:19.813371900Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"rawsec.lu","QueryOptions":"1073766400","QueryResults":"","QueryStatus":"87","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36594","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:19.813382100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"rawsec.lu","QueryOptions":"1073897472","QueryType":"28","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36595","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:19.813411600Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"rawsec.lu"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36596","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:19.815267000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"rawsec.lu","QueryOptions":"1073897472","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36597","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:19.815283500Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"rawsec.lu","QueryOptions":"1073897472","QueryResults":"","QueryType":"1","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36598","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:19.815611500Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"rawsec.lu","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36599","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:19.815642300Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"rawsec.lu","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36600","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:19.815676200Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"rawsec.lu"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36601","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:19.816451200Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"rawsec.lu","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36602","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:19.816532000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"rawsec.lu","QueryResults":"","QueryType":"1","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36603","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:19.816620400Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"rawsec.lu","QueryType":"1","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36604","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:19.993610900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"rawsec.lu","QueryResults":"62.210.16.62;","QueryType":"1","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36605","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:19.993793900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"rawsec.lu","QueryOptions":"1074421760","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36606","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:19.993813500Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"rawsec.lu","QueryOptions":"1074421760","QueryResults":"","QueryType":"28","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36607","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:19.994278500Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"rawsec.lu","QueryOptions":"1073897472","QueryResults":"::ffff:62.210.16.62;","QueryStatus":"0","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36608","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:19.994489500Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"google.com","QueryOptions":"1073766400","QueryType":"1","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36609","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.181574600Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"google.com","QueryOptions":"1073766400","QueryResults":"","QueryStatus":"87","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36610","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.181586200Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"google.com","QueryOptions":"1073897472","QueryType":"28","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36611","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.181615600Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"google.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36612","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.185085000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"google.com","QueryOptions":"1073897472","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36613","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.185176000Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"google.com","QueryOptions":"1073897472","QueryResults":"","QueryType":"1","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36614","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.185663300Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"google.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36615","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.185711500Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"google.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36616","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.185751200Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"google.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36617","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.186914100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"google.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36618","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.187073400Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"google.com","QueryResults":"","QueryType":"1","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36619","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.187107300Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"google.com","QueryType":"1","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36620","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.237183600Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"google.com","QueryResults":"216.58.215.46;","QueryType":"1","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36621","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.237412100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"google.com","QueryOptions":"1074421760","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36622","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.237431300Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"google.com","QueryOptions":"1074421760","QueryResults":"","QueryType":"28","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36623","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.238019800Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"google.com","QueryOptions":"1073897472","QueryResults":"::ffff:216.58.215.46;","QueryStatus":"0","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36624","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.238350500Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"www.google.com","QueryOptions":"1073766400","QueryType":"1","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36625","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.510883900Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"www.google.com","QueryOptions":"1073766400","QueryResults":"","QueryStatus":"87","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36626","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.510901300Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"www.google.com","QueryOptions":"1073897472","QueryType":"28","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36627","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.510954900Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"www.google.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36628","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.515041900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"www.google.com","QueryOptions":"1073897472","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36629","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.515062900Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"www.google.com","QueryOptions":"1073897472","QueryResults":"","QueryType":"1","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36630","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.515798200Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"www.google.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36631","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.515859800Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"www.google.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36632","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.515922700Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"www.google.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36633","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.516780900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"www.google.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36634","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.516931700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"www.google.com","QueryResults":"","QueryType":"1","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36635","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.517001700Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"www.google.com","QueryType":"1","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36636","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.622148500Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"www.google.com","QueryResults":"216.58.198.196;","QueryType":"1","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36637","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.622464900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"www.google.com","QueryOptions":"1074421760","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36638","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.622489400Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"www.google.com","QueryOptions":"1074421760","QueryResults":"","QueryType":"28","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36639","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.623198000Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"www.google.com","QueryOptions":"1073897472","QueryResults":"::ffff:216.58.198.196;","QueryStatus":"0","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36640","Execution":{"ProcessID":"4608","ThreadID":"6980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.623614300Z"},"Version":"0"}}}
{"Event":{"EventData":{"DestinationHostname":"pf-lb-2.online.net","DestinationIp":"62.210.16.62","DestinationIsIpv6":"false","DestinationPort":"443","DestinationPortName":"https","Image":"\\\\vboxsvr\\test\\test-dns.exe","Initiated":"true","ProcessGuid":"{B2796A13-C058-5B23-0000-001088871B02}","ProcessId":"4608","Protocol":"tcp","SourceHostname":"DESKTOP-5SUA567.lan","SourceIp":"10.0.2.15","SourceIsIpv6":"false","SourcePort":"52244","SourcePortName":"","User":"DESKTOP-5SUA567\\Gen Eric","UtcTime":"2018-05-23 06:02:56.043"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5680","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.590030700Z"},"Version":"5"}}}
{"Event":{"EventData":{"DestinationHostname":"pf-lb-2.online.net","DestinationIp":"62.210.16.62","DestinationIsIpv6":"false","DestinationPort":"80","DestinationPortName":"http","Image":"\\\\vboxsvr\\test\\test-dns.exe","Initiated":"true","ProcessGuid":"{B2796A13-C058-5B23-0000-001088871B02}","ProcessId":"4608","Protocol":"tcp","SourceHostname":"DESKTOP-5SUA567.lan","SourceIp":"10.0.2.15","SourceIsIpv6":"false","SourcePort":"52245","SourcePortName":"","User":"DESKTOP-5SUA567\\Gen Eric","UtcTime":"2018-05-23 06:02:57.033"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5681","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.121861500Z"},"Version":"5"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"amazon.com","QueryOptions":"1073766400","QueryType":"1","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36641","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.850112100Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"amazon.com","QueryOptions":"1073766400","QueryResults":"","QueryStatus":"87","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36642","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.850121900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"amazon.com","QueryOptions":"1073897472","QueryType":"28","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36643","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.850147800Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"amazon.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36644","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.854208900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"amazon.com","QueryOptions":"1073897472","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36645","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.854219600Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"amazon.com","QueryOptions":"1073897472","QueryResults":"","QueryType":"1","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36646","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.854856800Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"amazon.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36647","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.854888100Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"amazon.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36648","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.855086700Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"amazon.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36649","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.856368700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"amazon.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36650","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.857354400Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"amazon.com","QueryResults":"","QueryType":"1","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36651","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:20.857385200Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"amazon.com","QueryType":"1","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36652","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.284665900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"amazon.com","QueryResults":"176.32.103.205;176.32.98.166;205.251.242.103;","QueryType":"1","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36653","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.284907300Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"amazon.com","QueryOptions":"1074421760","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36654","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.284926900Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"amazon.com","QueryOptions":"1074421760","QueryResults":"","QueryType":"28","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36655","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.285565500Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"amazon.com","QueryOptions":"1073897472","QueryResults":"::ffff:176.32.103.205;::ffff:176.32.98.166;::ffff:205.251.242.103;","QueryStatus":"0","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36656","Execution":{"ProcessID":"4608","ThreadID":"32"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.285911800Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"46.215.58.216.in-addr.arpa.","QueryOptions":"1073872896","QueryType":"12","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36657","Execution":{"ProcessID":"6732","ThreadID":"2548"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.481727400Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"196.198.58.216.in-addr.arpa.","QueryOptions":"1073872896","QueryType":"12","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36658","Execution":{"ProcessID":"6732","ThreadID":"6076"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.481991100Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"196.198.58.216.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36659","Execution":{"ProcessID":"6732","ThreadID":"6076"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.485042800Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"46.215.58.216.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36660","Execution":{"ProcessID":"6732","ThreadID":"2548"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.485056700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"196.198.58.216.in-addr.arpa.","QueryOptions":"1073872896","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36661","Execution":{"ProcessID":"6732","ThreadID":"6076"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.485073600Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"46.215.58.216.in-addr.arpa.","QueryOptions":"1073872896","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36662","Execution":{"ProcessID":"6732","ThreadID":"2548"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.485083400Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"196.198.58.216.in-addr.arpa.","QueryOptions":"1073872896","QueryResults":"","QueryType":"12","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36663","Execution":{"ProcessID":"6732","ThreadID":"6076"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.486351600Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"46.215.58.216.in-addr.arpa.","QueryOptions":"1073872896","QueryResults":"","QueryType":"12","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36664","Execution":{"ProcessID":"6732","ThreadID":"2548"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.486389100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"196.198.58.216.in-addr.arpa.","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36665","Execution":{"ProcessID":"6732","ThreadID":"6076"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.486410500Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"46.215.58.216.in-addr.arpa.","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36666","Execution":{"ProcessID":"6732","ThreadID":"2548"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.486443600Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"196.198.58.216.in-addr.arpa","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36667","Execution":{"ProcessID":"6732","ThreadID":"6076"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.486489100Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"46.215.58.216.in-addr.arpa","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36668","Execution":{"ProcessID":"6732","ThreadID":"2548"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.486504200Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"46.215.58.216.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36669","Execution":{"ProcessID":"6732","ThreadID":"2548"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.487727400Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"196.198.58.216.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36670","Execution":{"ProcessID":"6732","ThreadID":"6076"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.487813500Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"46.215.58.216.in-addr.arpa.","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36671","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.487857700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"46.215.58.216.in-addr.arpa.","QueryResults":"","QueryType":"12","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36672","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.487908500Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"196.198.58.216.in-addr.arpa.","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36673","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.487930800Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","InterfaceCount":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"0","QueryName":"46.215.58.216.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3012","EventRecordID":"36674","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.487950000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"196.198.58.216.in-addr.arpa.","QueryResults":"","QueryType":"12","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36675","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.487976300Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","InterfaceCount":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"0","QueryName":"196.198.58.216.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3012","EventRecordID":"36676","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.488015600Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"46.215.58.216.in-addr.arpa.","QueryResults":"","Status":"123"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3013","EventRecordID":"36677","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.488135200Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"196.198.58.216.in-addr.arpa.","QueryResults":"","Status":"123"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3013","EventRecordID":"36678","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.488187900Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"196.198.58.216.in-addr.arpa","QueryType":"12","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36679","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.572408200Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"196.198.58.216.in-addr.arpa.","QueryResults":"type:  12 par10s27-in-f196.1e100.net;type:  12 par10s27-in-f4.1e100.net;","QueryType":"12","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36680","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.572643400Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"196.198.58.216.in-addr.arpa.","QueryOptions":"1073872896","QueryResults":"type:  12 par10s27-in-f196.1e100.net;type:  12 par10s27-in-f4.1e100.net;","QueryStatus":"0","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36681","Execution":{"ProcessID":"6732","ThreadID":"6076"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.572727300Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"46.215.58.216.in-addr.arpa","QueryType":"12","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36682","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.658721400Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"46.215.58.216.in-addr.arpa.","QueryResults":"type:  12 par21s17-in-f14.1e100.net;","QueryType":"12","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36683","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.658885200Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"46.215.58.216.in-addr.arpa.","QueryOptions":"1073872896","QueryResults":"type:  12 par21s17-in-f14.1e100.net;","QueryStatus":"0","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36684","Execution":{"ProcessID":"6732","ThreadID":"2548"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.659195800Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"amazon.com","QueryOptions":"1073766400","QueryType":"1","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36685","Execution":{"ProcessID":"4608","ThreadID":"5328"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.659735700Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"amazon.com","QueryOptions":"1073766400","QueryResults":"","QueryStatus":"87","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36686","Execution":{"ProcessID":"4608","ThreadID":"5328"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.659754900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"amazon.com","QueryOptions":"1073897472","QueryType":"28","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36687","Execution":{"ProcessID":"4608","ThreadID":"5328"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.659909700Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"amazon.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36688","Execution":{"ProcessID":"4608","ThreadID":"5328"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.662216200Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"amazon.com","QueryOptions":"1073897472","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36689","Execution":{"ProcessID":"4608","ThreadID":"5328"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.662233600Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"amazon.com","QueryOptions":"1073897472","QueryResults":"","QueryType":"1","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36690","Execution":{"ProcessID":"4608","ThreadID":"5328"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.662614300Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"amazon.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36691","Execution":{"ProcessID":"4608","ThreadID":"5328"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.662645500Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"amazon.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36692","Execution":{"ProcessID":"4608","ThreadID":"5328"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.662680300Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"amazon.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36693","Execution":{"ProcessID":"4608","ThreadID":"5328"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.663435800Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"amazon.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36694","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.663541100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"amazon.com","QueryResults":"","QueryType":"1","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36695","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.663600000Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"amazon.com","QueryType":"1","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36696","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.767458900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"amazon.com","QueryResults":"176.32.98.166;176.32.103.205;205.251.242.103;","QueryType":"1","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36697","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.767695900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"amazon.com","QueryOptions":"1074421760","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36698","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.767716000Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"amazon.com","QueryOptions":"1074421760","QueryResults":"","QueryType":"28","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36699","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.768301900Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"amazon.com","QueryOptions":"1073897472","QueryResults":"::ffff:176.32.98.166;::ffff:176.32.103.205;::ffff:205.251.242.103;","QueryStatus":"0","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36700","Execution":{"ProcessID":"4608","ThreadID":"5328"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.768643200Z"},"Version":"0"}}}
{"Event":{"EventData":{"DestinationHostname":"","DestinationIp":"216.58.215.46","DestinationIsIpv6":"false","DestinationPort":"80","DestinationPortName":"http","Image":"\\\\vboxsvr\\test\\test-dns.exe","Initiated":"true","ProcessGuid":"{B2796A13-C058-5B23-0000-001088871B02}","ProcessId":"4608","Protocol":"tcp","SourceHostname":"DESKTOP-5SUA567.lan","SourceIp":"10.0.2.15","SourceIsIpv6":"false","SourcePort":"52246","SourcePortName":"","User":"DESKTOP-5SUA567\\Gen Eric","UtcTime":"2018-05-23 06:02:57.340"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5682","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.622481800Z"},"Version":"5"}}}
{"Event":{"EventData":{"DestinationHostname":"par10s27-in-f196.1e100.net","DestinationIp":"216.58.198.196","DestinationIsIpv6":"false","DestinationPort":"80","DestinationPortName":"http","Image":"\\\\vboxsvr\\test\\test-dns.exe","Initiated":"true","ProcessGuid":"{B2796A13-C058-5B23-0000-001088871B02}","ProcessId":"4608","Protocol":"tcp","SourceHostname":"DESKTOP-5SUA567.lan","SourceIp":"10.0.2.15","SourceIsIpv6":"false","SourcePort":"52247","SourcePortName":"","User":"DESKTOP-5SUA567\\Gen Eric","UtcTime":"2018-05-23 06:02:57.662"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5683","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:21.872838100Z"},"Version":"5"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"www.amazon.com","QueryOptions":"1073766400","QueryType":"1","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36701","Execution":{"ProcessID":"4608","ThreadID":"5328"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.389270500Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"www.amazon.com","QueryOptions":"1073766400","QueryResults":"","QueryStatus":"87","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36702","Execution":{"ProcessID":"4608","ThreadID":"5328"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.389291000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"www.amazon.com","QueryOptions":"1073897472","QueryType":"28","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36703","Execution":{"ProcessID":"4608","ThreadID":"5328"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.389344500Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"www.amazon.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36704","Execution":{"ProcessID":"4608","ThreadID":"5328"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.392019700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"www.amazon.com","QueryOptions":"1073897472","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36705","Execution":{"ProcessID":"4608","ThreadID":"5328"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.392091600Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"www.amazon.com","QueryOptions":"1073897472","QueryResults":"","QueryType":"1","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36706","Execution":{"ProcessID":"4608","ThreadID":"5328"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.392634600Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"www.amazon.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36707","Execution":{"ProcessID":"4608","ThreadID":"5328"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.392684600Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"www.amazon.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36708","Execution":{"ProcessID":"4608","ThreadID":"5328"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.392738600Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"www.amazon.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36709","Execution":{"ProcessID":"4608","ThreadID":"5328"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.393593500Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"www.amazon.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36710","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.393701100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"www.amazon.com","QueryResults":"","QueryType":"1","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36711","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.393779200Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"www.amazon.com","QueryType":"1","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36712","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.416080800Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"www.amazon.com","QueryResults":"type:  5 www.cdn.amazon.com;type:  5 www.amazon.com.edgekey.net;type:  5 e15316.ci.akamaiedge.net;23.206.30.120;","QueryType":"1","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36713","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.416204400Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"www.amazon.com","QueryOptions":"1074421760","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36714","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.416214200Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"www.amazon.com","QueryOptions":"1074421760","QueryResults":"","QueryType":"28","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36715","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.416527900Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"www.amazon.com","QueryOptions":"1073897472","QueryResults":"type:  5 www.cdn.amazon.com;type:  5 www.amazon.com.edgekey.net;type:  5 e15316.ci.akamaiedge.net;::ffff:23.206.30.120;","QueryStatus":"0","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36716","Execution":{"ProcessID":"4608","ThreadID":"5328"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.416786300Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"205.103.32.176.in-addr.arpa.","QueryOptions":"1073872896","QueryType":"12","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36717","Execution":{"ProcessID":"6732","ThreadID":"484"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.497218200Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"166.98.32.176.in-addr.arpa.","QueryOptions":"1073872896","QueryType":"12","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36718","Execution":{"ProcessID":"6732","ThreadID":"4140"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.497358800Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"205.103.32.176.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36719","Execution":{"ProcessID":"6732","ThreadID":"484"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.500673400Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"205.103.32.176.in-addr.arpa.","QueryOptions":"1073872896","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36720","Execution":{"ProcessID":"6732","ThreadID":"484"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.500706400Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"166.98.32.176.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36721","Execution":{"ProcessID":"6732","ThreadID":"4140"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.500726000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"166.98.32.176.in-addr.arpa.","QueryOptions":"1073872896","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36722","Execution":{"ProcessID":"6732","ThreadID":"4140"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.500755900Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"166.98.32.176.in-addr.arpa.","QueryOptions":"1073872896","QueryResults":"","QueryType":"12","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36723","Execution":{"ProcessID":"6732","ThreadID":"4140"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.502129000Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"205.103.32.176.in-addr.arpa.","QueryOptions":"1073872896","QueryResults":"","QueryType":"12","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36724","Execution":{"ProcessID":"6732","ThreadID":"484"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.502150800Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"166.98.32.176.in-addr.arpa.","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36725","Execution":{"ProcessID":"6732","ThreadID":"4140"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.502187400Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"205.103.32.176.in-addr.arpa.","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36726","Execution":{"ProcessID":"6732","ThreadID":"484"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.502206200Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"166.98.32.176.in-addr.arpa","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36727","Execution":{"ProcessID":"6732","ThreadID":"4140"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.502255700Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"205.103.32.176.in-addr.arpa","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36728","Execution":{"ProcessID":"6732","ThreadID":"484"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.502264600Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"166.98.32.176.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36729","Execution":{"ProcessID":"6732","ThreadID":"4140"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.503448000Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"205.103.32.176.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36730","Execution":{"ProcessID":"6732","ThreadID":"484"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.503532800Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"166.98.32.176.in-addr.arpa.","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36731","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.503611800Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"205.103.32.176.in-addr.arpa.","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36732","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.503645700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"166.98.32.176.in-addr.arpa.","QueryResults":"","QueryType":"12","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36733","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.503666700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"205.103.32.176.in-addr.arpa.","QueryResults":"","QueryType":"12","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36734","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.503691200Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","InterfaceCount":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"0","QueryName":"166.98.32.176.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3012","EventRecordID":"36735","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.503713500Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","InterfaceCount":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"0","QueryName":"205.103.32.176.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3012","EventRecordID":"36736","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.503730000Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"166.98.32.176.in-addr.arpa.","QueryResults":"","Status":"123"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3013","EventRecordID":"36737","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.503923700Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"205.103.32.176.in-addr.arpa.","QueryResults":"","Status":"123"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3013","EventRecordID":"36738","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.503935800Z"},"Version":"0"}}}
{"Event":{"EventData":{"Address":"02000035D043DEDE0000000000000000","AddressLength":"16","QueryName":"205.103.32.176.in-addr.arpa"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"1016","EventRecordID":"36739","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"1016","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.594359500Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"205.103.32.176.in-addr.arpa","QueryType":"12","ResponseStatus":"9003"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36740","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.594388100Z"},"Version":"0"}}}
{"Event":{"EventData":{"Address":"02000035D043DEDE0000000000000000","AddressLength":"16","QueryName":"166.98.32.176.in-addr.arpa"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"1016","EventRecordID":"36741","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"1016","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.595300200Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"166.98.32.176.in-addr.arpa","QueryType":"12","ResponseStatus":"9003"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36742","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.595325200Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"166.98.32.176.in-addr.arpa.","QueryResults":"","QueryType":"12","Status":"9003"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36743","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.595513000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"205.103.32.176.in-addr.arpa.","QueryResults":"","QueryType":"12","Status":"9003"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36744","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.595525100Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","InterfaceCount":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"166.98.32.176.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3012","EventRecordID":"36745","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.595572800Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","InterfaceCount":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"205.103.32.176.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3012","EventRecordID":"36746","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.595583100Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"166.98.32.176.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3014","EventRecordID":"36747","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.595973100Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"205.103.32.176.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3014","EventRecordID":"36748","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.596013700Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"166.98.32.176.in-addr.arpa.","QueryResults":"","Status":"121"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3013","EventRecordID":"36749","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.596116300Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"205.103.32.176.in-addr.arpa.","QueryResults":"","Status":"121"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3013","EventRecordID":"36750","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.596136000Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"205.103.32.176.in-addr.arpa.","QueryOptions":"1073872896","QueryResults":"","QueryStatus":"9003","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36751","Execution":{"ProcessID":"6732","ThreadID":"484"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.596243500Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"166.98.32.176.in-addr.arpa.","QueryOptions":"1073872896","QueryResults":"","QueryStatus":"9003","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36752","Execution":{"ProcessID":"6732","ThreadID":"4140"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.596252000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"github.com","QueryOptions":"1073766400","QueryType":"1","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36753","Execution":{"ProcessID":"4608","ThreadID":"3352"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.980693400Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"github.com","QueryOptions":"1073766400","QueryResults":"","QueryStatus":"87","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36754","Execution":{"ProcessID":"4608","ThreadID":"3352"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.980700600Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"github.com","QueryOptions":"1073897472","QueryType":"28","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36755","Execution":{"ProcessID":"4608","ThreadID":"3352"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.980858100Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"github.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36756","Execution":{"ProcessID":"4608","ThreadID":"3352"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.983190100Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"github.com","QueryOptions":"1073897472","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36757","Execution":{"ProcessID":"4608","ThreadID":"3352"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.983200800Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"github.com","QueryOptions":"1073897472","QueryResults":"","QueryType":"1","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36758","Execution":{"ProcessID":"4608","ThreadID":"3352"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.983430600Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"github.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36759","Execution":{"ProcessID":"4608","ThreadID":"3352"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.983448900Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"github.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36760","Execution":{"ProcessID":"4608","ThreadID":"3352"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.983469000Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"github.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36761","Execution":{"ProcessID":"4608","ThreadID":"3352"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.983848700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"github.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36762","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.984180700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"github.com","QueryResults":"","QueryType":"1","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36763","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.984196300Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"github.com","QueryType":"1","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36764","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.123690700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"github.com","QueryResults":"192.30.253.112;192.30.253.113;","QueryType":"1","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36765","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.123928500Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"github.com","QueryOptions":"1074421760","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36766","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.123958400Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"github.com","QueryOptions":"1074421760","QueryResults":"","QueryType":"28","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36767","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.124763800Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"github.com","QueryOptions":"1073897472","QueryResults":"::ffff:192.30.253.112;::ffff:192.30.253.113;","QueryStatus":"0","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36768","Execution":{"ProcessID":"4608","ThreadID":"3352"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.125807600Z"},"Version":"0"}}}
{"Event":{"EventData":{"DestinationHostname":"","DestinationIp":"176.32.103.205","DestinationIsIpv6":"false","DestinationPort":"80","DestinationPortName":"http","Image":"\\\\vboxsvr\\test\\test-dns.exe","Initiated":"true","ProcessGuid":"{B2796A13-C058-5B23-0000-001088871B02}","ProcessId":"4608","Protocol":"tcp","SourceHostname":"DESKTOP-5SUA567.lan","SourceIp":"10.0.2.15","SourceIsIpv6":"false","SourcePort":"52248","SourcePortName":"","User":"DESKTOP-5SUA567\\Gen Eric","UtcTime":"2018-05-23 06:02:58.459"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5684","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.638352800Z"},"Version":"5"}}}
{"Event":{"EventData":{"DestinationHostname":"","DestinationIp":"176.32.98.166","DestinationIsIpv6":"false","DestinationPort":"443","DestinationPortName":"https","Image":"\\\\vboxsvr\\test\\test-dns.exe","Initiated":"true","ProcessGuid":"{B2796A13-C058-5B23-0000-001088871B02}","ProcessId":"4608","Protocol":"tcp","SourceHostname":"DESKTOP-5SUA567.lan","SourceIp":"10.0.2.15","SourceIsIpv6":"false","SourcePort":"52249","SourcePortName":"","User":"DESKTOP-5SUA567\\Gen Eric","UtcTime":"2018-05-23 06:02:58.893"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5685","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:22.902446700Z"},"Version":"5"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"120.30.206.23.in-addr.arpa.","QueryOptions":"1073872896","QueryType":"12","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36769","Execution":{"ProcessID":"6732","ThreadID":"1324"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.502595700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"112.253.30.192.in-addr.arpa.","QueryOptions":"1073872896","QueryType":"12","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36770","Execution":{"ProcessID":"6732","ThreadID":"6184"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.503209700Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"120.30.206.23.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36771","Execution":{"ProcessID":"6732","ThreadID":"1324"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.505518900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"120.30.206.23.in-addr.arpa.","QueryOptions":"1073872896","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36772","Execution":{"ProcessID":"6732","ThreadID":"1324"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.505543000Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"112.253.30.192.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36773","Execution":{"ProcessID":"6732","ThreadID":"6184"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.505560000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"112.253.30.192.in-addr.arpa.","QueryOptions":"1073872896","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36774","Execution":{"ProcessID":"6732","ThreadID":"6184"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.505578300Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"112.253.30.192.in-addr.arpa.","QueryOptions":"1073872896","QueryResults":"","QueryType":"12","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36775","Execution":{"ProcessID":"6732","ThreadID":"6184"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.506431900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"112.253.30.192.in-addr.arpa.","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36776","Execution":{"ProcessID":"6732","ThreadID":"6184"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.506474300Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"120.30.206.23.in-addr.arpa.","QueryOptions":"1073872896","QueryResults":"","QueryType":"12","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36777","Execution":{"ProcessID":"6732","ThreadID":"1324"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.506501500Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"112.253.30.192.in-addr.arpa","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36778","Execution":{"ProcessID":"6732","ThreadID":"6184"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.506521200Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"120.30.206.23.in-addr.arpa.","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36779","Execution":{"ProcessID":"6732","ThreadID":"1324"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.506532800Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"120.30.206.23.in-addr.arpa","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36780","Execution":{"ProcessID":"6732","ThreadID":"1324"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.506569800Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"120.30.206.23.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36781","Execution":{"ProcessID":"6732","ThreadID":"1324"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.507279800Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"112.253.30.192.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36782","Execution":{"ProcessID":"6732","ThreadID":"6184"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.507337800Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"120.30.206.23.in-addr.arpa.","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36783","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.507362800Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"120.30.206.23.in-addr.arpa.","QueryResults":"","QueryType":"12","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36784","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.507398000Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"112.253.30.192.in-addr.arpa.","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36785","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.507411800Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","InterfaceCount":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"0","QueryName":"120.30.206.23.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3012","EventRecordID":"36786","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.507428300Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"112.253.30.192.in-addr.arpa.","QueryResults":"","QueryType":"12","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36787","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.507442600Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","InterfaceCount":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"0","QueryName":"112.253.30.192.in-addr.arpa."},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3012","EventRecordID":"36788","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.507472100Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"120.30.206.23.in-addr.arpa.","QueryResults":"","Status":"123"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3013","EventRecordID":"36789","Execution":{"ProcessID":"6732","ThreadID":"2740"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.507559500Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"112.253.30.192.in-addr.arpa.","QueryResults":"","Status":"123"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3013","EventRecordID":"36790","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.507574300Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"github.com","QueryOptions":"1073766400","QueryType":"1","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36791","Execution":{"ProcessID":"4608","ThreadID":"3352"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.541835700Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"github.com","QueryOptions":"1073766400","QueryResults":"","QueryStatus":"87","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36792","Execution":{"ProcessID":"4608","ThreadID":"3352"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.541859300Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","IsAsyncQuery":"0","IsNetworkQuery":"0","NetworkQueryIndex":"0","QueryName":"github.com","QueryOptions":"1073897472","QueryType":"28","ServerList":""},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3006","EventRecordID":"36793","Execution":{"ProcessID":"4608","ThreadID":"3352"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.541929000Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Ethernet","DNSServerAddress":"208.67.222.222;208.67.220.220;","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"fe80::7130:3f5e:d14f:943e;10.0.2.15;","NetworkIndex":"0","QueryName":"github.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36794","Execution":{"ProcessID":"4608","ThreadID":"3352"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.545896400Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"github.com","QueryOptions":"1073897472","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36795","Execution":{"ProcessID":"4608","ThreadID":"3352"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.545914200Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"github.com","QueryOptions":"1073897472","QueryResults":"","QueryType":"1","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36796","Execution":{"ProcessID":"4608","ThreadID":"3352"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.546276600Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"github.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36797","Execution":{"ProcessID":"4608","ThreadID":"3352"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.546310900Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"github.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3010","EventRecordID":"36798","Execution":{"ProcessID":"4608","ThreadID":"3352"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.546331400Z"},"Version":"0"}}}
{"Event":{"EventData":{"AdapterName":"Teredo Tunneling Pseudo-Interface","DNSServerAddress":"","InterfaceCount":"1","IsParallelNetworkQuery":"1","LocalAddress":"2001:0:9d38:90d7:4a:6d2f:ccf0:86f0;fe80::4a:6d2f:ccf0:86f0;","NetworkIndex":"1","QueryName":"github.com"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3009","EventRecordID":"36799","Execution":{"ProcessID":"4608","ThreadID":"3352"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.547309600Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"1","QueryName":"github.com","QueryType":"1"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3019","EventRecordID":"36800","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.547414500Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"1","NetworkIndex":"0","QueryName":"github.com","QueryResults":"","QueryType":"1","Status":"1460"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36801","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.547443100Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"112.253.30.192.in-addr.arpa","QueryType":"12","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36802","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.643297900Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"112.253.30.192.in-addr.arpa.","QueryResults":"type:  12 lb-192-30-253-112-iad.github.com;","QueryType":"12","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36803","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.643438900Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"112.253.30.192.in-addr.arpa.","QueryOptions":"1073872896","QueryResults":"type:  12 lb-192-30-253-112-iad.github.com;","QueryStatus":"0","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36804","Execution":{"ProcessID":"6732","ThreadID":"6184"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.643481800Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"120.30.206.23.in-addr.arpa","QueryType":"12","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36805","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.649362700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"120.30.206.23.in-addr.arpa.","QueryResults":"type:  12 a23-206-30-120.deploy.static.akamaitechnologies.com;","QueryType":"12","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36806","Execution":{"ProcessID":"6732","ThreadID":"6200"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.649470200Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"120.30.206.23.in-addr.arpa.","QueryOptions":"1073872896","QueryResults":"type:  12 a23-206-30-120.deploy.static.akamaitechnologies.com;","QueryStatus":"0","QueryType":"12"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36807","Execution":{"ProcessID":"6732","ThreadID":"1324"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-18"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.649567900Z"},"Version":"0"}}}
{"Event":{"EventData":{"DnsServerIpAddress":"208.67.222.222","QueryName":"github.com","QueryType":"1","ResponseStatus":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3011","EventRecordID":"36808","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.671768700Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","NetworkIndex":"0","QueryName":"github.com","QueryResults":"192.30.253.112;192.30.253.113;","QueryType":"1","Status":"0"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3020","EventRecordID":"36809","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.671956500Z"},"Version":"0"}}}
{"Event":{"EventData":{"InterfaceIndex":"0","QueryName":"github.com","QueryOptions":"1074421760","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3016","EventRecordID":"36810","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.671967700Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"github.com","QueryOptions":"1074421760","QueryResults":"","QueryType":"28","Status":"9701"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3018","EventRecordID":"36811","Execution":{"ProcessID":"4608","ThreadID":"6876"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.672398700Z"},"Version":"0"}}}
{"Event":{"EventData":{"QueryName":"github.com","QueryOptions":"1073897472","QueryResults":"::ffff:192.30.253.112;::ffff:192.30.253.113;","QueryStatus":"0","QueryType":"28"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-DNS-Client/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3008","EventRecordID":"36812","Execution":{"ProcessID":"4608","ThreadID":"3352"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}","Name":"Microsoft-Windows-DNS-Client"},"Security":{"UserID":"S-1-5-21-4228426178-1801199070-633696311-1001"},"Task":"0","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.672583000Z"},"Version":"0"}}}
{"Event":{"EventData":{"DestinationHostname":"a23-206-30-120.deploy.static.akamaitechnologies.com","DestinationIp":"23.206.30.120","DestinationIsIpv6":"false","DestinationPort":"443","DestinationPortName":"https","Image":"\\\\vboxsvr\\test\\test-dns.exe","Initiated":"true","ProcessGuid":"{B2796A13-C058-5B23-0000-001088871B02}","ProcessId":"4608","Protocol":"tcp","SourceHostname":"DESKTOP-5SUA567.lan","SourceIp":"10.0.2.15","SourceIsIpv6":"false","SourcePort":"52250","SourcePortName":"","User":"DESKTOP-5SUA567\\Gen Eric","UtcTime":"2018-05-23 06:02:59.459"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5686","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:23.669366100Z"},"Version":"5"}}}
{"Event":{"EventData":{"Image":"\\\\vboxsvr\\test\\test-dns.exe","ProcessGuid":"{B2796A13-C058-5B23-0000-001088871B02}","ProcessId":"4608","UtcTime":"2018-06-15 13:34:24.402"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"5","EventRecordID":"5687","Execution":{"ProcessID":"6732","ThreadID":"4824"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"5","TimeCreated":{"SystemTime":"2018-06-15T13:34:24.405458300Z"},"Version":"3"}}}
{"Event":{"EventData":{"DestinationHostname":"lb-192-30-253-112-iad.github.com","DestinationIp":"192.30.253.112","DestinationIsIpv6":"false","DestinationPort":"80","DestinationPortName":"http","Image":"\\\\vboxsvr\\test\\test-dns.exe","Initiated":"true","ProcessGuid":"{B2796A13-C058-5B23-0000-001088871B02}","ProcessId":"4608","Protocol":"tcp","SourceHostname":"DESKTOP-5SUA567.lan","SourceIp":"10.0.2.15","SourceIsIpv6":"false","SourcePort":"52251","SourcePortName":"","User":"DESKTOP-5SUA567\\Gen Eric","UtcTime":"2018-05-23 06:03:00.315"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5688","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:24.449378500Z"},"Version":"5"}}}
{"Event":{"EventData":{"DestinationHostname":"lb-192-30-253-112-iad.github.com","DestinationIp":"192.30.253.112","DestinationIsIpv6":"false","DestinationPort":"443","DestinationPortName":"https","Image":"\\\\vboxsvr\\test\\test-dns.exe","Initiated":"true","ProcessGuid":"{B2796A13-C058-5B23-0000-001088871B02}","ProcessId":"4608","Protocol":"tcp","SourceHostname":"DESKTOP-5SUA567.lan","SourceIp":"10.0.2.15","SourceIsIpv6":"false","SourcePort":"52252","SourcePortName":"","User":"DESKTOP-5SUA567\\Gen Eric","UtcTime":"2018-05-23 06:03:00.859"},"GeneInfo":{"Criticality":0,"Signature":["All"]},"System":{"Channel":"Microsoft-Windows-Sysmon/Operational","Computer":"DESKTOP-5SUA567","Correlation":{},"EventID":"3","EventRecordID":"5689","Execution":{"ProcessID":"6732","ThreadID":"5980"},"Keywords":"0x8000000000000000","Level":"4","Opcode":"0","Provider":{"Guid":"{5770385F-C22A-43E0-BF4C-06F5698FFBD9}","Name":"Microsoft-Windows-Sysmon"},"Security":{"UserID":"S-1-5-18"},"Task":"3","TimeCreated":{"SystemTime":"2018-06-15T13:34:24.965743400Z"},"Version":"5"}}}