example_out.txt



TimeCreated  : 9/4/2021 7:30:14 PM
ProviderName : Microsoft-Windows-Sysmon
Id           : 1
Message      : Process Create:
               RuleName: -
               UtcTime: 2021-09-04 23:30:14.945
               ProcessGuid: {fdd26d49-0186-6134-0c0c-000000004200}
               ProcessId: 2976
               Image: C:\Windows\System32\cmd.exe
               FileVersion: 10.0.19041.746 (WinBuild.160101.0800)
               Description: Windows Command Processor
               Product: Microsoft® Windows® Operating System
               Company: Microsoft Corporation
               OriginalFileName: Cmd.Exe
               CommandLine: "C:\WINDOWS\system32\cmd.exe" /c notepad.exe
               CurrentDirectory: C:\Users\cr8zyeights88\LogExplorer\
               User: DESKTOP-486T05J\cr8zyeights88
               LogonGuid: {fdd26d49-f1f3-6133-ff10-040000000000}
               LogonId: 0x410FF
               TerminalSessionId: 1
               IntegrityLevel: High
               Hashes: MD5=8A2122E8162DBEF04694B9C3E0B6CDEE,SHA256=B99D61D874728EDC0918CA0EB10EAB93D381E7367E377406E659
               63366C874450,IMPHASH=272245E2988E1E430500B852C4FB5E18
               ParentProcessGuid: {fdd26d49-f2fe-6133-6501-000000004200}
               ParentProcessId: 5580
               ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
               ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" 

TimeCreated  : 9/4/2021 7:30:16 PM
ProviderName : Microsoft-Windows-Sysmon
Id           : 1
Message      : Process Create:
               RuleName: -
               UtcTime: 2021-09-04 23:30:16.339
               ProcessGuid: {fdd26d49-0188-6134-0d0c-000000004200}
               ProcessId: 2248
               Image: C:\Windows\System32\notepad.exe
               FileVersion: 10.0.19041.1081 (WinBuild.160101.0800)
               Description: Notepad
               Product: Microsoft® Windows® Operating System
               Company: Microsoft Corporation
               OriginalFileName: NOTEPAD.EXE
               CommandLine: notepad.exe
               CurrentDirectory: C:\Users\cr8zyeights88\LogExplorer\
               User: DESKTOP-486T05J\cr8zyeights88
               LogonGuid: {fdd26d49-f1f3-6133-ff10-040000000000}
               LogonId: 0x410FF
               TerminalSessionId: 1
               IntegrityLevel: High
               Hashes: MD5=1C1760ED4D19CDBECB2398216922628B,SHA256=D66458A3EB1B68715B552B3AF32A9D2E889BBF8AC0C23C1AFA8D
               0982023D1CE2,IMPHASH=670212BD5FAE78855C331EDDEFFDD4EB
               ParentProcessGuid: {fdd26d49-0186-6134-0c0c-000000004200}
               ParentProcessId: 2976
               ParentImage: C:\Windows\System32\cmd.exe
               ParentCommandLine: "C:\WINDOWS\system32\cmd.exe" /c notepad.exe