Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
Azure-Sentinel/Sample Data/Custom/NXLog_DNS_Server_CL.json

40694 строки
1.3 MiB
Executable File
Исходник Ответственный История

[
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T19:59:59.446551-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "40.90.4.205",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "8c70dfcb-83e1-4959-934d-fcb4860bf1de.ods.opinsights.azure.com.",
"QTYPE": "1",
"XID": "25337",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "224",
"PacketData": "0x62F9800000010000000400012438633730646663622D383365312D343935392D393334642D666362343836306266316465036F64730A6F70696E73696768747305617A75726503636F6D0000010001C031000200010000012C0013066E73312D303109617A7572652D646E73C046C04F000200010000012C0016066E73322D303109617A7572652D646E73036E657400C04F000200010000012C0016066E73332D303109617A7572652D646E73036F726700C04F000200010000012C0017066E73342D303109617A7572652D646E7304696E666F0000002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{9E896A72-AF94-4C5B-BE84-192927A809AE}",
"EventReceivedTime": "2021-09-16T20:00:00.460347-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T19:59:59.446682-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "40.90.4.1",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "8c70dfcb-83e1-4959-934d-fcb4860bf1de.ods.opinsights.azure.com.",
"QTYPE": "1",
"QXID": "22335",
"XID": "54373",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "90",
"PacketData": "0xD465000000010000000000012438633730646663622D383365312D343935392D393334642D666362343836306266316465036F64730A6F70696E73696768747305617A75726503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{9E896A72-AF94-4C5B-BE84-192927A809AE}",
"EventReceivedTime": "2021-09-16T20:00:00.460347-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T19:59:59.457092-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2603:1061::cd",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "8c70dfcb-83e1-4959-934d-fcb4860bf1de.ods.opinsights.azure.com.",
"QTYPE": "28",
"XID": "39719",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "224",
"PacketData": "0x9B27800000010000000400012438633730646663622D383365312D343935392D393334642D666362343836306266316465036F64730A6F70696E73696768747305617A75726503636F6D00001C0001C031000200010000012C0013066E73312D303109617A7572652D646E73C046C04F000200010000012C0016066E73322D303109617A7572652D646E73036E657400C04F000200010000012C0016066E73332D303109617A7572652D646E73036F726700C04F000200010000012C0017066E73342D303109617A7572652D646E7304696E666F0000002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{18F714C3-99C7-41EA-A194-15C7EA1EF5EB}",
"EventReceivedTime": "2021-09-16T20:00:00.460347-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T19:59:59.457193-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "40.90.4.1",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "8c70dfcb-83e1-4959-934d-fcb4860bf1de.ods.opinsights.azure.com.",
"QTYPE": "28",
"QXID": "15932",
"XID": "57791",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "90",
"PacketData": "0xE1BF000000010000000000012438633730646663622D383365312D343935392D393334642D666362343836306266316465036F64730A6F70696E73696768747305617A75726503636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{18F714C3-99C7-41EA-A194-15C7EA1EF5EB}",
"EventReceivedTime": "2021-09-16T20:00:00.460347-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T19:59:59.502443-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "40.90.4.1",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "8c70dfcb-83e1-4959-934d-fcb4860bf1de.ods.opinsights.azure.com.",
"QTYPE": "1",
"XID": "54373",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "126",
"PacketData": "0xD465840000010001000000012438633730646663622D383365312D343935392D393334642D666362343836306266316465036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000012C0018036F64730E747261666669636D616E61676572036E65740000002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{9E896A72-AF94-4C5B-BE84-192927A809AE}",
"EventReceivedTime": "2021-09-16T20:00:00.460347-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T19:59:59.503624-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "ods.trafficmanager.net.",
"QTYPE": "1",
"Port": "62625",
"XID": "22335",
"BufferSize": "79",
"PacketData": "0x573F818000010001000000002438633730646663622D383365312D343935392D393334642D666362343836306266316465036F64730A6F70696E73696768747305617A75726503636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:00:00.460347-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T19:59:59.505556-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "13.107.160.4",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "tm1.edgedns-tm.info.",
"QTYPE": "1",
"QXID": "1",
"XID": "29181",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "48",
"PacketData": "0x71FD0000000100000000000103746D310A65646765646E732D746D04696E666F00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:00:00.475762-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T19:59:59.514009-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "40.90.4.1",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "8c70dfcb-83e1-4959-934d-fcb4860bf1de.ods.opinsights.azure.com.",
"QTYPE": "28",
"XID": "57791",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "126",
"PacketData": "0xE1BF840000010001000000012438633730646663622D383365312D343935392D393334642D666362343836306266316465036F64730A6F70696E73696768747305617A75726503636F6D00001C0001C00C000500010000012C0018036F64730E747261666669636D616E61676572036E65740000002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{18F714C3-99C7-41EA-A194-15C7EA1EF5EB}",
"EventReceivedTime": "2021-09-16T20:00:00.475762-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T19:59:59.514125-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "ods.trafficmanager.net.",
"QTYPE": "28",
"Port": "57009",
"XID": "15932",
"BufferSize": "79",
"PacketData": "0x3E3C818000010001000000002438633730646663622D383365312D343935392D393334642D666362343836306266316465036F64730A6F70696E73696768747305617A75726503636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:00:00.475762-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T19:59:59.514641-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2603:1061::4",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "tm1.edgedns-tm.info.",
"QTYPE": "1",
"QXID": "1",
"XID": "63086",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "48",
"PacketData": "0xF66E0000000100000000000103746D310A65646765646E732D746D04696E666F00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:00:00.475762-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T19:59:59.532485-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "13.107.160.4",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "tm1.edgedns-tm.info.",
"QTYPE": "1",
"XID": "29181",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "64",
"PacketData": "0x71FD8400000100010000000103746D310A65646765646E732D746D04696E666F0000010001C00C000100010000012C00040D6BDEF000002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:00:00.475762-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T19:59:59.533228-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "ods.trafficmanager.NET.",
"QTYPE": "1",
"QXID": "22335",
"XID": "7650",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "51",
"PacketData": "0x1DE200000001000000000001036F64730E747261666669636D616E61676572034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{9E896A72-AF94-4C5B-BE84-192927A809AE}",
"EventReceivedTime": "2021-09-16T20:00:00.475762-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T19:59:59.549819-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2603:1061::4",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "tm1.edgedns-tm.info.",
"QTYPE": "1",
"XID": "63086",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "64",
"PacketData": "0xF66E8400000100010000000103746D310A65646765646E732D746D04696E666F0000010001C00C000100010000012C00040D6BDEF000002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:00:00.475762-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T19:59:59.550678-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "ods.trafficmanager.NET.",
"QTYPE": "28",
"QXID": "15932",
"XID": "48223",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "51",
"PacketData": "0xBC5F00000001000000000001036F64730E747261666669636D616E61676572034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{18F714C3-99C7-41EA-A194-15C7EA1EF5EB}",
"EventReceivedTime": "2021-09-16T20:00:00.475762-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T19:59:59.555192-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "ods.trafficmanager.NET.",
"QTYPE": "1",
"XID": "7650",
"RecursionDepth": "3",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "90",
"PacketData": "0x1DE284200001000100000001036F64730E747261666669636D616E61676572034E45540000010001C00C000500010000012C001B0C6575732D6F692D6F64732D6308636C6F7564617070036E65740000002904D0000000000000",
"AdditionalInfo": ".",
"GUID": "{9E896A72-AF94-4C5B-BE84-192927A809AE}",
"EventReceivedTime": "2021-09-16T20:00:00.475762-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T19:59:59.555295-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "eus-oi-ods-c.cloudapp.net.",
"QTYPE": "1",
"Port": "62625",
"XID": "22335",
"BufferSize": "79",
"PacketData": "0x573F818000010002000000002438633730646663622D383365312D343935392D393334642D666362343836306266316465036F64730A6F70696E73696768747305617A75726503636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:00:00.475762-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T19:59:59.556236-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "64.4.48.201",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "eus-oi-ods-c.cloudapp.NET.",
"QTYPE": "1",
"QXID": "22335",
"XID": "55851",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "54",
"PacketData": "0xDA2B000000010000000000010C6575732D6F692D6F64732D6308636C6F7564617070034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{9E896A72-AF94-4C5B-BE84-192927A809AE}",
"EventReceivedTime": "2021-09-16T20:00:00.475762-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T19:59:59.578897-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "ods.trafficmanager.NET.",
"QTYPE": "28",
"XID": "48223",
"RecursionDepth": "3",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "90",
"PacketData": "0xBC5F84200001000100000001036F64730E747261666669636D616E61676572034E455400001C0001C00C000500010000012C001B0C6575732D6F692D6F64732D6208636C6F7564617070036E65740000002904D0000000000000",
"AdditionalInfo": ".",
"GUID": "{18F714C3-99C7-41EA-A194-15C7EA1EF5EB}",
"EventReceivedTime": "2021-09-16T20:00:00.475762-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T19:59:59.579397-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "eus-oi-ods-c.cloudapp.net.",
"QTYPE": "28",
"Port": "57009",
"XID": "15932",
"BufferSize": "79",
"PacketData": "0x3E3C818000010002000000002438633730646663622D383365312D343935392D393334642D666362343836306266316465036F64730A6F70696E73696768747305617A75726503636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:00:00.475762-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T19:59:59.579839-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "64.4.48.201",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "eus-oi-ods-c.cloudapp.NET.",
"QTYPE": "28",
"QXID": "15932",
"XID": "14701",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "43",
"PacketData": "0x396D000000010000000000000C6575732D6F692D6F64732D6308636C6F7564617070034E455400001C0001",
"AdditionalInfo": ".",
"GUID": "{18F714C3-99C7-41EA-A194-15C7EA1EF5EB}",
"EventReceivedTime": "2021-09-16T20:00:00.475762-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T19:59:59.584204-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "64.4.48.201",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "eus-oi-ods-c.cloudapp.NET.",
"QTYPE": "1",
"XID": "55851",
"RecursionDepth": "4",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "70",
"PacketData": "0xDA2B840000010001000000010C6575732D6F692D6F64732D6308636C6F7564617070034E45540000010001C00C000100010000000A0004284F9A5700002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{9E896A72-AF94-4C5B-BE84-192927A809AE}",
"EventReceivedTime": "2021-09-16T20:00:00.475762-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T19:59:59.584424-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "8c70dfcb-83e1-4959-934d-fcb4860bf1de.ods.opinsights.azure.com.",
"QTYPE": "1",
"XID": "22335",
"DNSSEC": "0",
"RCODE": "0",
"Port": "62625",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "167",
"PacketData": "0x573F818000010003000000002438633730646663622D383365312D343935392D393334642D666362343836306266316465036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000012C0018036F64730E747261666669636D616E61676572036E657400C05B000500010000012C00180C6575732D6F692D6F64732D6308636C6F7564617070C06EC07F000100010000000A0004284F9A57",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "188",
"GUID": "{9E896A72-AF94-4C5B-BE84-192927A809AE}",
"EventReceivedTime": "2021-09-16T20:00:00.475762-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T19:59:59.601483-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "64.4.48.201",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "eus-oi-ods-c.cloudapp.NET.",
"QTYPE": "28",
"XID": "14701",
"RecursionDepth": "4",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "117",
"PacketData": "0x396D840000010000000100000C6575732D6F692D6F64732D6308636C6F7564617070034E455400001C0001C019000600010000003C003E076E73312D32303109617A7572652D646E7303636F6D00066D736E687374096D6963726F736F6674C0497DA3FC3C000003840000012C00093A800000003C",
"AdditionalInfo": ".",
"GUID": "{18F714C3-99C7-41EA-A194-15C7EA1EF5EB}",
"EventReceivedTime": "2021-09-16T20:00:00.475762-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T19:59:59.602237-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "8c70dfcb-83e1-4959-934d-fcb4860bf1de.ods.opinsights.azure.com.",
"QTYPE": "28",
"XID": "15932",
"DNSSEC": "0",
"RCODE": "0",
"Port": "57009",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "151",
"PacketData": "0x3E3C818000010002000000002438633730646663622D383365312D343935392D393334642D666362343836306266316465036F64730A6F70696E73696768747305617A75726503636F6D00001C0001C00C000500010000012C0018036F64730E747261666669636D616E61676572036E657400C05B000500010000012C00180C6575732D6F692D6F64732D6308636C6F7564617070C06E",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "205",
"GUID": "{18F714C3-99C7-41EA-A194-15C7EA1EF5EB}",
"EventReceivedTime": "2021-09-16T20:00:00.475762-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:00:44.629289-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "wpad.v6.example.com.",
"QTYPE": "1",
"XID": "44695",
"Port": "59293",
"BufferSize": "37",
"PacketData": "0xAE97010000010000000000000477706164027636076578616D706C6503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{29DAE5AF-646B-47B8-9AEA-CA506275DBDE}",
"EventReceivedTime": "2021-09-16T20:00:45.622568-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:00:44.629373-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "1",
"AD": "0",
"QNAME": "wpad.v6.example.com.",
"QTYPE": "1",
"XID": "44695",
"DNSSEC": "0",
"RCODE": "3",
"Port": "59293",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "109",
"PacketData": "0xAE97858300010000000100000477706164027636076578616D706C6503636F6D0000010001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001000000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{29DAE5AF-646B-47B8-9AEA-CA506275DBDE}",
"EventReceivedTime": "2021-09-16T20:00:45.622568-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:00:44.629840-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "wpad.v6.example.com.",
"QTYPE": "28",
"XID": "24945",
"Port": "61217",
"BufferSize": "37",
"PacketData": "0x6171010000010000000000000477706164027636076578616D706C6503636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{B5A639DD-712F-4AC0-BDE6-8A41E55FEE91}",
"EventReceivedTime": "2021-09-16T20:00:45.622568-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:00:44.629900-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "1",
"AD": "0",
"QNAME": "wpad.v6.example.com.",
"QTYPE": "28",
"XID": "24945",
"DNSSEC": "0",
"RCODE": "3",
"Port": "61217",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "109",
"PacketData": "0x6171858300010000000100000477706164027636076578616D706C6503636F6D00001C0001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001000000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{B5A639DD-712F-4AC0-BDE6-8A41E55FEE91}",
"EventReceivedTime": "2021-09-16T20:00:45.622568-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:00:59.274212-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "fe2.update.microsoft.com.",
"QTYPE": "1",
"XID": "9256",
"Port": "60014",
"BufferSize": "42",
"PacketData": "0x2428010000010000000000000366653206757064617465096D6963726F736F667403636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{F3CE997B-ED63-4096-944D-6E58D294F5EC}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:00:59.274233-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "fe2.update.microsoft.com.nsatc.net.",
"QTYPE": "1",
"Port": "60014",
"XID": "9256",
"BufferSize": "42",
"PacketData": "0x2428818000010001000000000366653206757064617465096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:00:59.274325-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "8.27.248.155",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "fe2.update.microsoft.com.nsatc.NET.",
"QTYPE": "1",
"QXID": "9256",
"XID": "40857",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "63",
"PacketData": "0x9F99000000010000000000010366653206757064617465096D6963726F736F667403636F6D056E73617463034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{F3CE997B-ED63-4096-944D-6E58D294F5EC}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:00:59.274553-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "fe2.update.microsoft.com.",
"QTYPE": "28",
"XID": "40778",
"Port": "59715",
"BufferSize": "42",
"PacketData": "0x9F4A010000010000000000000366653206757064617465096D6963726F736F667403636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{60BEDC80-A6A4-471C-A85A-E303AEE29276}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:00:59.274562-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "fe2.update.microsoft.com.nsatc.net.",
"QTYPE": "28",
"Port": "59715",
"XID": "40778",
"BufferSize": "42",
"PacketData": "0x9F4A818000010001000000000366653206757064617465096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:00:59.274617-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "8.27.81.27",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "fe2.update.microsoft.com.nsatc.NET.",
"QTYPE": "28",
"QXID": "40778",
"XID": "15048",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "63",
"PacketData": "0x3AC8000000010000000000010366653206757064617465096D6963726F736F667403636F6D056E73617463034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{60BEDC80-A6A4-471C-A85A-E303AEE29276}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:00:59.297985-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "8.27.81.27",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "fe2.update.microsoft.com.nsatc.NET.",
"QTYPE": "28",
"XID": "15048",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "363",
"PacketData": "0x3AC8840000010008000300010366653206757064617465096D6963726F736F667403636F6D056E73617463034E455400001C0001C00C001C00010000012C001026031030040300030000000000000061C00C001C00010000012C001026031030020E000300000000000002A2C00C001C00010000012C001026031030080500030000000000000042C00C001C00010000012C001026031030040300030000000000000062C00C001C00010000012C001026031030020E000300000000000002A1C00C001C00010000012C0010260310300C0400030000000000000115C00C001C00010000012C00102A010111F100300000000000A83E19A2C00C001C00010000012C001026031030000B000300000000000000B1C02500020001000151800018057573612D620570726F643109666F6F747072696E74C02BC02500020001000151800008057573612D63C126C02500020001000151800008057573612D64C12600002904B0000000000000",
"AdditionalInfo": ".",
"GUID": "{60BEDC80-A6A4-471C-A85A-E303AEE29276}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:00:59.298048-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "fe2.update.microsoft.com.",
"QTYPE": "28",
"XID": "40778",
"DNSSEC": "0",
"RCODE": "0",
"Port": "59715",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "314",
"PacketData": "0x9F4A818000010009000000000366653206757064617465096D6963726F736F667403636F6D00001C0001C00C0005000100000B6700240366653206757064617465096D6963726F736F667403636F6D056E73617463036E657400C036001C00010000012C001026031030040300030000000000000061C036001C00010000012C001026031030020E000300000000000002A2C036001C00010000012C001026031030080500030000000000000042C036001C00010000012C001026031030040300030000000000000062C036001C00010000012C001026031030020E000300000000000002A1C036001C00010000012C0010260310300C0400030000000000000115C036001C00010000012C00102A010111F100300000000000A83E19A2C036001C00010000012C001026031030000B000300000000000000B1",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "23",
"GUID": "{60BEDC80-A6A4-471C-A85A-E303AEE29276}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:00:59.328115-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "8.27.248.155",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "fe2.update.microsoft.com.nsatc.NET.",
"QTYPE": "1",
"XID": "40857",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "187",
"PacketData": "0x9F99840000010003000300010366653206757064617465096D6963726F736F667403636F6D056E73617463034E45540000010001C00C000100010000012C000434FE7241C00C000100010000012C000434FE7242C00C000100010000012C0004143EBEBAC02500020001000151800018057573612D620570726F643109666F6F747072696E74C02BC02500020001000151800008057573612D63C076C02500020001000151800008057573612D64C07600002904B0000000000000",
"AdditionalInfo": ".",
"GUID": "{F3CE997B-ED63-4096-944D-6E58D294F5EC}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:00:59.328247-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "fe2.update.microsoft.com.",
"QTYPE": "1",
"XID": "9256",
"DNSSEC": "0",
"RCODE": "0",
"Port": "60014",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "138",
"PacketData": "0x2428818000010004000000000366653206757064617465096D6963726F736F667403636F6D0000010001C00C0005000100000B6700240366653206757064617465096D6963726F736F667403636F6D056E73617463036E657400C036000100010000012B000434FE7241C036000100010000012B000434FE7242C036000100010000012B0004143EBEBA",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "53",
"GUID": "{F3CE997B-ED63-4096-944D-6E58D294F5EC}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:01:00.136458-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "v10.events.data.microsoft.com.",
"QTYPE": "1",
"XID": "39853",
"Port": "59913",
"BufferSize": "47",
"PacketData": "0x9BAD0100000100000000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{D87AF9A1-8D61-4586-AB77-33877021E5FA}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:00.136487-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "global.asimov.events.data.trafficmanager.net.",
"QTYPE": "1",
"Port": "59913",
"XID": "39853",
"BufferSize": "47",
"PacketData": "0x9BAD8180000100010000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:01:00.136617-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "global.asimov.events.data.trafficmanager.NET.",
"QTYPE": "1",
"QXID": "39853",
"XID": "2150",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "73",
"PacketData": "0x08660000000100000000000106676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{D87AF9A1-8D61-4586-AB77-33877021E5FA}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:01:00.136948-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "v10.events.data.microsoft.com.",
"QTYPE": "28",
"XID": "42354",
"Port": "56608",
"BufferSize": "47",
"PacketData": "0xA5720100000100000000000003763130066576656E74730464617461096D6963726F736F667403636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{7D471131-4E59-4346-9A50-FBDFEFC8BA48}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:00.136964-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "global.asimov.events.data.trafficmanager.net.",
"QTYPE": "28",
"Port": "56608",
"XID": "42354",
"BufferSize": "47",
"PacketData": "0xA5728180000100010000000003763130066576656E74730464617461096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:01:00.137054-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "global.asimov.events.data.trafficmanager.NET.",
"QTYPE": "28",
"QXID": "42354",
"XID": "4149",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "73",
"PacketData": "0x10350000000100000000000106676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{7D471131-4E59-4346-9A50-FBDFEFC8BA48}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:01:00.161692-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "global.asimov.events.data.trafficmanager.NET.",
"QTYPE": "28",
"XID": "4149",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "132",
"PacketData": "0x10358420000100010000000106676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572034E455400001C0001C00C000500010000003C002F106F6E656473636F6C70726463757331310963656E7472616C757308636C6F756461707005617A75726503636F6D0000002904D0000000000000",
"AdditionalInfo": ".",
"GUID": "{7D471131-4E59-4346-9A50-FBDFEFC8BA48}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:00.161746-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "onedscolprdcus11.centralus.cloudapp.azure.com.",
"QTYPE": "28",
"Port": "56608",
"XID": "42354",
"BufferSize": "47",
"PacketData": "0xA5728180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:01:00.161926-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "40.90.4.205",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "onedscolprdcus11.centralus.cloudapp.azure.com.",
"QTYPE": "28",
"QXID": "42354",
"XID": "42341",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "74",
"PacketData": "0xA56500000001000000000001106F6E656473636F6C70726463757331310963656E7472616C757308636C6F756461707005617A75726503636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{7D471131-4E59-4346-9A50-FBDFEFC8BA48}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:01:00.162939-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "global.asimov.events.data.trafficmanager.NET.",
"QTYPE": "1",
"XID": "2150",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "129",
"PacketData": "0x08668420000100010000000106676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572034E45540000010001C00C000500010000003C002C106F6E656473636F6C70726477757330300677657374757308636C6F756461707005617A75726503636F6D0000002904D0000000000000",
"AdditionalInfo": ".",
"GUID": "{D87AF9A1-8D61-4586-AB77-33877021E5FA}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:00.163110-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "onedscolprdcus11.centralus.cloudapp.azure.com.",
"QTYPE": "1",
"Port": "59913",
"XID": "39853",
"BufferSize": "47",
"PacketData": "0x9BAD8180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:01:00.163399-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2603:1061::cd",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "onedscolprdcus11.centralus.cloudapp.azure.com.",
"QTYPE": "1",
"QXID": "39853",
"XID": "22512",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "74",
"PacketData": "0x57F000000001000000000001106F6E656473636F6C70726463757331310963656E7472616C757308636C6F756461707005617A75726503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{D87AF9A1-8D61-4586-AB77-33877021E5FA}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:01:00.215765-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "40.90.4.205",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "onedscolprdcus11.centralus.cloudapp.azure.com.",
"QTYPE": "28",
"XID": "42341",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "212",
"PacketData": "0xA56580000001000000040001106F6E656473636F6C70726463757331310963656E7472616C757308636C6F756461707005617A75726503636F6D00001C0001C01D000200010000012C0014076E73312D32303109617A7572652D646E73C036C03F000200010000012C0017076E73322D32303109617A7572652D646E73036E657400C03F000200010000012C0017076E73332D32303109617A7572652D646E73036F726700C03F000200010000012C0018076E73342D32303109617A7572652D646E7304696E666F0000002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{7D471131-4E59-4346-9A50-FBDFEFC8BA48}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:01:00.216259-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2620:1ec:8ec::c9",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "onedscolprdcus11.centralus.cloudapp.azure.com.",
"QTYPE": "28",
"QXID": "42354",
"XID": "63373",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "74",
"PacketData": "0xF78D00000001000000000001106F6E656473636F6C70726463757331310963656E7472616C757308636C6F756461707005617A75726503636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{7D471131-4E59-4346-9A50-FBDFEFC8BA48}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:01:00.217574-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2603:1061::cd",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "onedscolprdcus11.centralus.cloudapp.azure.com.",
"QTYPE": "1",
"XID": "22512",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "212",
"PacketData": "0x57F080000001000000040001106F6E656473636F6C70726463757331310963656E7472616C757308636C6F756461707005617A75726503636F6D0000010001C01D000200010000012C0014076E73312D32303109617A7572652D646E73C036C03F000200010000012C0017076E73322D32303109617A7572652D646E73036E657400C03F000200010000012C0017076E73332D32303109617A7572652D646E73036F726700C03F000200010000012C0018076E73342D32303109617A7572652D646E7304696E666F0000002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{D87AF9A1-8D61-4586-AB77-33877021E5FA}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:01:00.217735-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2620:1ec:8ec::c9",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "onedscolprdcus11.centralus.cloudapp.azure.com.",
"QTYPE": "1",
"QXID": "39853",
"XID": "44667",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "74",
"PacketData": "0xAE7B00000001000000000001106F6E656473636F6C70726463757331310963656E7472616C757308636C6F756461707005617A75726503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{D87AF9A1-8D61-4586-AB77-33877021E5FA}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:01:00.235285-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2620:1ec:8ec::c9",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "onedscolprdcus11.centralus.cloudapp.azure.com.",
"QTYPE": "28",
"XID": "63373",
"RecursionDepth": "3",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "145",
"PacketData": "0xF78D84000001000000010001106F6E656473636F6C70726463757331310963656E7472616C757308636C6F756461707005617A75726503636F6D00001C0001C01D000600010000003C003B076E73312D32303109617A7572652D646E73C036066D736E687374096D6963726F736F6674C03600002711000003840000012C00093A800000003C00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{7D471131-4E59-4346-9A50-FBDFEFC8BA48}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:01:00.235340-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "v10.events.data.microsoft.com.",
"QTYPE": "28",
"XID": "42354",
"DNSSEC": "0",
"RCODE": "0",
"Port": "56608",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "161",
"PacketData": "0xA5728180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D00001C0001C00C0005000100000B66002E06676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572036E657400C03B000500010000003C002C106F6E656473636F6C70726463757331310963656E7472616C757308636C6F756461707005617A757265C026",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "98",
"GUID": "{7D471131-4E59-4346-9A50-FBDFEFC8BA48}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:01:00.242138-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2620:1ec:8ec::c9",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "onedscolprdcus11.centralus.cloudapp.azure.com.",
"QTYPE": "1",
"XID": "44667",
"RecursionDepth": "3",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "90",
"PacketData": "0xAE7B84000001000100000001106F6E656473636F6C70726463757331310963656E7472616C757308636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000468D0105900002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{D87AF9A1-8D61-4586-AB77-33877021E5FA}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:01:00.242245-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "v10.events.data.microsoft.com.",
"QTYPE": "1",
"XID": "39853",
"DNSSEC": "0",
"RCODE": "0",
"Port": "59913",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "177",
"PacketData": "0x9BAD8180000100030000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001C00C0005000100000B66002E06676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572036E657400C03B000500010000003C002C106F6E656473636F6C70726463757331310963656E7472616C757308636C6F756461707005617A757265C026C0750001000100000009000468D01059",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "106",
"GUID": "{D87AF9A1-8D61-4586-AB77-33877021E5FA}",
"EventReceivedTime": "2021-09-16T20:01:00.399465-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:01:00.745228-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "fe3.delivery.mp.microsoft.com.",
"QTYPE": "1",
"XID": "19354",
"Port": "50813",
"BufferSize": "47",
"PacketData": "0x4B9A01000001000000000000036665330864656C6976657279026D70096D6963726F736F667403636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{2E983163-7998-4EEF-87CA-F928F4079B39}",
"EventReceivedTime": "2021-09-16T20:01:01.399736-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:00.745250-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "fe3.delivery.dsp.mp.microsoft.com.nsatc.net.",
"QTYPE": "1",
"Port": "50813",
"XID": "19354",
"BufferSize": "47",
"PacketData": "0x4B9A81800001000100000000036665330864656C6976657279026D70096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:01:01.399736-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:01:00.745338-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "8.27.226.155",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "fe3.delivery.dsp.mp.microsoft.com.nsatc.NET.",
"QTYPE": "1",
"QXID": "19354",
"XID": "423",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "72",
"PacketData": "0x01A700000001000000000001036665330864656C697665727903647370026D70096D6963726F736F667403636F6D056E73617463034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{2E983163-7998-4EEF-87CA-F928F4079B39}",
"EventReceivedTime": "2021-09-16T20:01:01.399736-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:01:00.745573-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "fe3.delivery.mp.microsoft.com.",
"QTYPE": "28",
"XID": "5918",
"Port": "53867",
"BufferSize": "47",
"PacketData": "0x171E01000001000000000000036665330864656C6976657279026D70096D6963726F736F667403636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{F82D64A5-4CBB-4CA0-B73D-D8BBC3B5C850}",
"EventReceivedTime": "2021-09-16T20:01:01.399736-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:00.745582-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "fe3.delivery.dsp.mp.microsoft.com.nsatc.net.",
"QTYPE": "28",
"Port": "53867",
"XID": "5918",
"BufferSize": "47",
"PacketData": "0x171E81800001000100000000036665330864656C6976657279026D70096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:01:01.399736-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:01:00.745605-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "fe3.delivery.mp.microsoft.com.",
"QTYPE": "28",
"XID": "5918",
"DNSSEC": "0",
"RCODE": "0",
"Port": "53867",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "157",
"PacketData": "0x171E81800001000100010000036665330864656C6976657279026D70096D6963726F736F667403636F6D00001C0001C00C0005000100000B6C002D036665330864656C697665727903647370026D70096D6963726F736F667403636F6D056E73617463036E657400C05D00060001000000E000290561646D696EC05D03646E73066C6576656C33C06361250E9900002A3000000A8C0036EE8000000384",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{F82D64A5-4CBB-4CA0-B73D-D8BBC3B5C850}",
"EventReceivedTime": "2021-09-16T20:01:01.399736-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:01:00.772224-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "8.27.226.155",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "fe3.delivery.dsp.mp.microsoft.com.nsatc.NET.",
"QTYPE": "1",
"XID": "423",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "180",
"PacketData": "0x01A784000001000200030001036665330864656C697665727903647370026D70096D6963726F736F667403636F6D056E73617463034E45540000010001C00C000100010000012C000434986C60C00C000100010000012C0004287D7A97C02E00020001000151800018057573612D620570726F643109666F6F747072696E74C034C02E00020001000151800008057573612D63C06FC02E00020001000151800008057573612D64C06F00002904B0000000000000",
"AdditionalInfo": ".",
"GUID": "{2E983163-7998-4EEF-87CA-F928F4079B39}",
"EventReceivedTime": "2021-09-16T20:01:01.399736-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:01:00.772277-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "fe3.delivery.mp.microsoft.com.",
"QTYPE": "1",
"XID": "19354",
"DNSSEC": "0",
"RCODE": "0",
"Port": "50813",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "136",
"PacketData": "0x4B9A81800001000300000000036665330864656C6976657279026D70096D6963726F736F667403636F6D0000010001C00C0005000100000B6C002D036665330864656C697665727903647370026D70096D6963726F736F667403636F6D056E73617463036E657400C03B000100010000012B000434986C60C03B000100010000012B0004287D7A97",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "27",
"GUID": "{2E983163-7998-4EEF-87CA-F928F4079B39}",
"EventReceivedTime": "2021-09-16T20:01:01.399736-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:01:01.622299-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "v10.events.data.microsoft.com.",
"QTYPE": "28",
"XID": "42208",
"Port": "50813",
"BufferSize": "47",
"PacketData": "0xA4E00100000100000000000003763130066576656E74730464617461096D6963726F736F667403636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{42C0740E-4088-4A8B-B614-7B8A0F2EED55}",
"EventReceivedTime": "2021-09-16T20:01:02.306887-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:01.622373-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "global.asimov.events.data.trafficmanager.net.",
"QTYPE": "28",
"Port": "50813",
"XID": "42208",
"BufferSize": "47",
"PacketData": "0xA4E08180000100010000000003763130066576656E74730464617461096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:01:02.306887-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:01.622391-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "onedscolprdcus11.centralus.cloudapp.azure.com.",
"QTYPE": "28",
"Port": "50813",
"XID": "42208",
"BufferSize": "47",
"PacketData": "0xA4E08180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:01:02.306887-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:01:01.622811-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "v10.events.data.microsoft.com.",
"QTYPE": "28",
"XID": "42208",
"DNSSEC": "0",
"RCODE": "0",
"Port": "50813",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "222",
"PacketData": "0xA4E08180000100020001000003763130066576656E74730464617461096D6963726F736F667403636F6D00001C0001C00C0005000100000B65002E06676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572036E657400C03B000500010000003B002C106F6E656473636F6C70726463757331310963656E7472616C757308636C6F756461707005617A757265C026C086000600010000003B0031076E73312D32303109617A7572652D646E73C026066D736E687374C01C00002711000003840000012C00093A800000003C",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{42C0740E-4088-4A8B-B614-7B8A0F2EED55}",
"EventReceivedTime": "2021-09-16T20:01:02.306887-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:01:01.678116-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "geo.prod.do.dsp.mp.microsoft.com.",
"QTYPE": "1",
"XID": "13173",
"Port": "63099",
"BufferSize": "50",
"PacketData": "0x3375010000010000000000000367656F0470726F6402646F03647370026D70096D6963726F736F667403636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{F9E9CBAD-D437-41FE-9440-E5325B30ED6E}",
"EventReceivedTime": "2021-09-16T20:01:02.306887-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:01.678136-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "geo.prod.do.dsp.trafficmanager.net.",
"QTYPE": "1",
"Port": "63099",
"XID": "13173",
"BufferSize": "50",
"PacketData": "0x3375818000010001000000000367656F0470726F6402646F03647370026D70096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:01:02.306887-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:01:01.678226-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "geo.prod.do.dsp.trafficmanager.NET.",
"QTYPE": "1",
"QXID": "13173",
"XID": "24294",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "63",
"PacketData": "0x5EE6000000010000000000010367656F0470726F6402646F036473700E747261666669636D616E61676572034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{F9E9CBAD-D437-41FE-9440-E5325B30ED6E}",
"EventReceivedTime": "2021-09-16T20:01:02.306887-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:01:01.678808-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "geo.prod.do.dsp.mp.microsoft.com.",
"QTYPE": "28",
"XID": "33601",
"Port": "54783",
"BufferSize": "50",
"PacketData": "0x8341010000010000000000000367656F0470726F6402646F03647370026D70096D6963726F736F667403636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{2AB6D2F6-6CF2-4C02-A060-0BE05EC75E47}",
"EventReceivedTime": "2021-09-16T20:01:02.306887-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:01.678821-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "geo.prod.do.dsp.trafficmanager.net.",
"QTYPE": "28",
"Port": "54783",
"XID": "33601",
"BufferSize": "50",
"PacketData": "0x8341818000010001000000000367656F0470726F6402646F03647370026D70096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:01:02.306887-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:01:01.678976-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "geo.prod.do.dsp.trafficmanager.NET.",
"QTYPE": "28",
"QXID": "33601",
"XID": "5446",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "63",
"PacketData": "0x1546000000010000000000010367656F0470726F6402646F036473700E747261666669636D616E61676572034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{2AB6D2F6-6CF2-4C02-A060-0BE05EC75E47}",
"EventReceivedTime": "2021-09-16T20:01:02.306887-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:01:01.703038-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "geo.prod.do.dsp.trafficmanager.NET.",
"QTYPE": "1",
"XID": "24294",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "114",
"PacketData": "0x5EE6842000010001000000010367656F0470726F6402646F036473700E747261666669636D616E61676572034E45540000010001C00C000500010000012C00270861727261793830310470726F6402646F03647370026D70096D6963726F736F667403636F6D0000002904D0000000000000",
"AdditionalInfo": ".",
"GUID": "{F9E9CBAD-D437-41FE-9440-E5325B30ED6E}",
"EventReceivedTime": "2021-09-16T20:01:02.306887-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:01.703070-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "array801.prod.do.dsp.mp.microsoft.com.",
"QTYPE": "1",
"Port": "63099",
"XID": "13173",
"BufferSize": "50",
"PacketData": "0x3375818000010002000000000367656F0470726F6402646F03647370026D70096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:01:02.306887-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:01:01.703211-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "40.90.4.6",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "array801.prod.do.dsp.mp.microsoft.com.",
"QTYPE": "1",
"QXID": "13173",
"XID": "30748",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "66",
"PacketData": "0x781C000000010000000000010861727261793830310470726F6402646F03647370026D70096D6963726F736F667403636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{F9E9CBAD-D437-41FE-9440-E5325B30ED6E}",
"EventReceivedTime": "2021-09-16T20:01:02.306887-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:01:01.706090-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "geo.prod.do.dsp.trafficmanager.NET.",
"QTYPE": "28",
"XID": "5446",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "114",
"PacketData": "0x1546842000010001000000010367656F0470726F6402646F036473700E747261666669636D616E61676572034E455400001C0001C00C000500010000012C00270861727261793631320470726F6402646F03647370026D70096D6963726F736F667403636F6D0000002904D0000000000000",
"AdditionalInfo": ".",
"GUID": "{2AB6D2F6-6CF2-4C02-A060-0BE05EC75E47}",
"EventReceivedTime": "2021-09-16T20:01:02.306887-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:01.706132-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "array801.prod.do.dsp.mp.microsoft.com.",
"QTYPE": "28",
"Port": "54783",
"XID": "33601",
"BufferSize": "50",
"PacketData": "0x8341818000010002000000000367656F0470726F6402646F03647370026D70096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:01:02.306887-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:01:01.706555-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "40.90.4.6",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "array801.prod.do.dsp.mp.microsoft.com.",
"QTYPE": "28",
"QXID": "33601",
"XID": "34528",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "66",
"PacketData": "0x86E0000000010000000000010861727261793830310470726F6402646F03647370026D70096D6963726F736F667403636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{2AB6D2F6-6CF2-4C02-A060-0BE05EC75E47}",
"EventReceivedTime": "2021-09-16T20:01:02.306887-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:01:01.727682-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "40.90.4.6",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "array801.prod.do.dsp.mp.microsoft.com.",
"QTYPE": "1",
"XID": "30748",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "82",
"PacketData": "0x781C840000010001000000010861727261793830310470726F6402646F03647370026D70096D6963726F736F667403636F6D0000010001C00C0001000100000E100004285B505900002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{F9E9CBAD-D437-41FE-9440-E5325B30ED6E}",
"EventReceivedTime": "2021-09-16T20:01:02.306887-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:01:01.727819-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "geo.prod.do.dsp.mp.microsoft.com.",
"QTYPE": "1",
"XID": "13173",
"DNSSEC": "0",
"RCODE": "0",
"Port": "63099",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "137",
"PacketData": "0x3375818000010003000000000367656F0470726F6402646F03647370026D70096D6963726F736F667403636F6D0000010001C00C0005000100000B7100240367656F0470726F6402646F036473700E747261666669636D616E61676572036E657400C03E000500010000012B000B086172726179383031C010C06E0001000100000E0F0004285B5059",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "50",
"GUID": "{F9E9CBAD-D437-41FE-9440-E5325B30ED6E}",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:01:01.734356-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "40.90.4.6",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "array801.prod.do.dsp.mp.microsoft.com.",
"QTYPE": "28",
"XID": "34528",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "139",
"PacketData": "0x86E0840000010000000100010861727261793830310470726F6402646F03647370026D70096D6963726F736F667403636F6D00001C0001C015000600010000012C003D066E73312D303609617A7572652D646E73C02E13617A757265646E732D686F73746D6173746572C0240000000100000E100000012C0024EA000000012C00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{2AB6D2F6-6CF2-4C02-A060-0BE05EC75E47}",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:01:01.734418-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "geo.prod.do.dsp.mp.microsoft.com.",
"QTYPE": "28",
"XID": "33601",
"DNSSEC": "0",
"RCODE": "0",
"Port": "54783",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "121",
"PacketData": "0x8341818000010002000000000367656F0470726F6402646F03647370026D70096D6963726F736F667403636F6D00001C0001C00C0005000100000B7100240367656F0470726F6402646F036473700E747261666669636D616E61676572036E657400C03E000500010000012B000B086172726179383031C010",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "55",
"GUID": "{2AB6D2F6-6CF2-4C02-A060-0BE05EC75E47}",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:01:02.059403-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "kv801.prod.do.dsp.mp.microsoft.com.",
"QTYPE": "1",
"XID": "56777",
"Port": "50813",
"BufferSize": "52",
"PacketData": "0xDDC901000001000000000000056B763830310470726F6402646F03647370026D70096D6963726F736F667403636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{6D922CC8-922A-4F1F-A748-ED74F923BD26}",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:02.059453-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "kv801.prod.do.dsp.mp.microsoft.com.edgekey.net.",
"QTYPE": "1",
"Port": "50813",
"XID": "56777",
"BufferSize": "52",
"PacketData": "0xDDC981800001000100000000056B763830310470726F6402646F03647370026D70096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:02.059481-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "e12437.g.akamaiedge.net.",
"QTYPE": "1",
"Port": "50813",
"XID": "56777",
"BufferSize": "52",
"PacketData": "0xDDC981800001000200000000056B763830310470726F6402646F03647370026D70096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:01:02.059698-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "23.73.217.4",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "e12437.g.akamaiedge.NET.",
"QTYPE": "1",
"QXID": "56777",
"XID": "17304",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "52",
"PacketData": "0x4398000000010000000000010665313234333701670A616B616D616965646765034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{6D922CC8-922A-4F1F-A748-ED74F923BD26}",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:01:02.059786-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "kv801.prod.do.dsp.mp.microsoft.com.",
"QTYPE": "28",
"XID": "52854",
"Port": "57305",
"BufferSize": "52",
"PacketData": "0xCE7601000001000000000000056B763830310470726F6402646F03647370026D70096D6963726F736F667403636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{2F61FBAE-31BD-4C06-9333-A5E52C874036}",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:02.059786-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "kv801.prod.do.dsp.mp.microsoft.com.edgekey.net.",
"QTYPE": "28",
"Port": "57305",
"XID": "52854",
"BufferSize": "52",
"PacketData": "0xCE7681800001000100000000056B763830310470726F6402646F03647370026D70096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:02.059786-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "e12437.g.akamaiedge.net.",
"QTYPE": "28",
"Port": "57305",
"XID": "52854",
"BufferSize": "52",
"PacketData": "0xCE7681800001000200000000056B763830310470726F6402646F03647370026D70096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:01:02.059787-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "kv801.prod.do.dsp.mp.microsoft.com.",
"QTYPE": "28",
"XID": "52854",
"DNSSEC": "0",
"RCODE": "0",
"Port": "57305",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "204",
"PacketData": "0xCE7681800001000200010000056B763830310470726F6402646F03647370026D70096D6963726F736F667403636F6D00001C0001C00C0005000100000B720030056B763830310470726F6402646F03647370026D70096D6963726F736F667403636F6D07656467656B6579036E657400C04000050001000051C200160665313234333701670A616B616D616965646765C06BC08300060001000000E7002E036E3067C0850A686F73746D617374657206616B616D6169C02B61440250000003E8000003E8000003E800000708",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{2F61FBAE-31BD-4C06-9333-A5E52C874036}",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:01:02.071475-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "23.73.217.4",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "e12437.g.akamaiedge.NET.",
"QTYPE": "1",
"XID": "17304",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "68",
"PacketData": "0x4398840000010001000000010665313234333701670A616B616D616965646765034E45540000010001C00C0001000100000014000417CAD18A0000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{6D922CC8-922A-4F1F-A748-ED74F923BD26}",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:01:02.071562-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "kv801.prod.do.dsp.mp.microsoft.com.",
"QTYPE": "1",
"XID": "56777",
"DNSSEC": "0",
"RCODE": "0",
"Port": "50813",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "162",
"PacketData": "0xDDC981800001000300000000056B763830310470726F6402646F03647370026D70096D6963726F736F667403636F6D0000010001C00C0005000100000B720030056B763830310470726F6402646F03647370026D70096D6963726F736F667403636F6D07656467656B6579036E657400C04000050001000051C200160665313234333701670A616B616D616965646765C06BC07C0001000100000014000417CAD18A",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "12",
"GUID": "{6D922CC8-922A-4F1F-A748-ED74F923BD26}",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:01:02.259396-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "cp801.prod.do.dsp.mp.microsoft.com.",
"QTYPE": "1",
"XID": "61261",
"Port": "58068",
"BufferSize": "52",
"PacketData": "0xEF4D010000010000000000000563703830310470726F6402646F03647370026D70096D6963726F736F667403636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{C2E4CA49-5990-43BD-BF7B-FF6277C1FAF7}",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:02.259417-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "cp801.prod.do.dsp.mp.microsoft.com.edgekey.net.",
"QTYPE": "1",
"Port": "58068",
"XID": "61261",
"BufferSize": "52",
"PacketData": "0xEF4D818000010001000000000563703830310470726F6402646F03647370026D70096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:02.259425-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "e12437.g.akamaiedge.net.",
"QTYPE": "1",
"Port": "58068",
"XID": "61261",
"BufferSize": "52",
"PacketData": "0xEF4D818000010002000000000563703830310470726F6402646F03647370026D70096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:01:02.259451-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "cp801.prod.do.dsp.mp.microsoft.com.",
"QTYPE": "1",
"XID": "61261",
"DNSSEC": "0",
"RCODE": "0",
"Port": "58068",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "162",
"PacketData": "0xEF4D818000010003000000000563703830310470726F6402646F03647370026D70096D6963726F736F667403636F6D0000010001C00C0005000100000B7300300563703830310470726F6402646F03647370026D70096D6963726F736F667403636F6D07656467656B6579036E657400C04000050001000051C300160665313234333701670A616B616D616965646765C06BC07C0001000100000014000417CAD18A",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{C2E4CA49-5990-43BD-BF7B-FF6277C1FAF7}",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:01:02.259631-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "cp801.prod.do.dsp.mp.microsoft.com.",
"QTYPE": "28",
"XID": "14939",
"Port": "63802",
"BufferSize": "52",
"PacketData": "0x3A5B010000010000000000000563703830310470726F6402646F03647370026D70096D6963726F736F667403636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{7CE34C18-77F6-46A0-B3A3-145DEDEF86C6}",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:02.260063-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "cp801.prod.do.dsp.mp.microsoft.com.edgekey.net.",
"QTYPE": "28",
"Port": "63802",
"XID": "14939",
"BufferSize": "52",
"PacketData": "0x3A5B818000010001000000000563703830310470726F6402646F03647370026D70096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:02.260074-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "e12437.g.akamaiedge.net.",
"QTYPE": "28",
"Port": "63802",
"XID": "14939",
"BufferSize": "52",
"PacketData": "0x3A5B818000010002000000000563703830310470726F6402646F03647370026D70096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:01:02.260096-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "cp801.prod.do.dsp.mp.microsoft.com.",
"QTYPE": "28",
"XID": "14939",
"DNSSEC": "0",
"RCODE": "0",
"Port": "63802",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "204",
"PacketData": "0x3A5B818000010002000100000563703830310470726F6402646F03647370026D70096D6963726F736F667403636F6D00001C0001C00C0005000100000B7300300563703830310470726F6402646F03647370026D70096D6963726F736F667403636F6D07656467656B6579036E657400C04000050001000051C300160665313234333701670A616B616D616965646765C06BC08300060001000000E7002E036E3067C0850A686F73746D617374657206616B616D6169C02B61440250000003E8000003E8000003E800000708",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{7CE34C18-77F6-46A0-B3A3-145DEDEF86C6}",
"EventReceivedTime": "2021-09-16T20:01:02.322039-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:01:02.449031-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "au.download.windowsupdate.com.",
"QTYPE": "1",
"XID": "5114",
"Port": "56548",
"BufferSize": "47",
"PacketData": "0x13FA0100000100000000000002617508646F776E6C6F61640D77696E646F777375706461746503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{0443AC02-D687-4CA0-81C6-00A439384FEE}",
"EventReceivedTime": "2021-09-16T20:01:03.432282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:02.449059-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "wu-shim.trafficmanager.net.",
"QTYPE": "1",
"Port": "56548",
"XID": "5114",
"BufferSize": "47",
"PacketData": "0x13FA8180000100010000000002617508646F776E6C6F61640D77696E646F777375706461746503636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:01:03.432282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:02.449070-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "download.windowsupdate.com.edgesuite.net.",
"QTYPE": "1",
"Port": "56548",
"XID": "5114",
"BufferSize": "47",
"PacketData": "0x13FA8180000100020000000002617508646F776E6C6F61640D77696E646F777375706461746503636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:01:03.432282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:02.449079-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "a767.dspw65.akamai.net.",
"QTYPE": "1",
"Port": "56548",
"XID": "5114",
"BufferSize": "47",
"PacketData": "0x13FA8180000100030000000002617508646F776E6C6F61640D77696E646F777375706461746503636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:01:03.432282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:01:02.449219-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "104.102.240.149",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "a767.dspw65.akamai.NET.",
"QTYPE": "1",
"QXID": "5114",
"XID": "28248",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "51",
"PacketData": "0x6E580000000100000000000104613736370664737077363506616B616D6169034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{0443AC02-D687-4CA0-81C6-00A439384FEE}",
"EventReceivedTime": "2021-09-16T20:01:03.432282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:01:02.449554-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "au.download.windowsupdate.com.",
"QTYPE": "28",
"XID": "43974",
"Port": "58331",
"BufferSize": "47",
"PacketData": "0xABC60100000100000000000002617508646F776E6C6F61640D77696E646F777375706461746503636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{1E4F586F-2650-43CD-9FB7-4F044382881C}",
"EventReceivedTime": "2021-09-16T20:01:03.432282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:02.449568-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "wu-shim.trafficmanager.net.",
"QTYPE": "28",
"Port": "58331",
"XID": "43974",
"BufferSize": "47",
"PacketData": "0xABC68180000100010000000002617508646F776E6C6F61640D77696E646F777375706461746503636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:01:03.432282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:02.449576-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "download.windowsupdate.com.edgesuite.net.",
"QTYPE": "28",
"Port": "58331",
"XID": "43974",
"BufferSize": "47",
"PacketData": "0xABC68180000100020000000002617508646F776E6C6F61640D77696E646F777375706461746503636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:01:03.432282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:02.449584-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "a767.dspw65.akamai.net.",
"QTYPE": "28",
"Port": "58331",
"XID": "43974",
"BufferSize": "47",
"PacketData": "0xABC68180000100030000000002617508646F776E6C6F61640D77696E646F777375706461746503636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:01:03.432282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:01:02.449692-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "88.221.81.192",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "a767.dspw65.akamai.NET.",
"QTYPE": "28",
"QXID": "43974",
"XID": "37227",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "51",
"PacketData": "0x916B0000000100000000000104613736370664737077363506616B616D6169034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{1E4F586F-2650-43CD-9FB7-4F044382881C}",
"EventReceivedTime": "2021-09-16T20:01:03.432282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:01:02.461048-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "104.102.240.149",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "a767.dspw65.akamai.NET.",
"QTYPE": "1",
"XID": "28248",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "83",
"PacketData": "0x6E588400000100020000000104613736370664737077363506616B616D6169034E45540000010001C00C000100010000001400046866F049C00C000100010000001400046866F0530000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{0443AC02-D687-4CA0-81C6-00A439384FEE}",
"EventReceivedTime": "2021-09-16T20:01:03.432282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:01:02.461117-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "au.download.windowsupdate.com.",
"QTYPE": "1",
"XID": "5114",
"DNSSEC": "0",
"RCODE": "0",
"Port": "56548",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "203",
"PacketData": "0x13FA8180000100050000000002617508646F776E6C6F61640D77696E646F777375706461746503636F6D0000010001C00C0005000100000B74001C0777752D7368696D0E747261666669636D616E61676572036E657400C03B0005000100000B56002708646F776E6C6F61640D77696E646F777375706461746503636F6D09656467657375697465C052C06300050001000000CA001504613736370664737077363506616B616D6169C052C096000100010000001400046866F049C096000100010000001400046866F053",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "12",
"GUID": "{0443AC02-D687-4CA0-81C6-00A439384FEE}",
"EventReceivedTime": "2021-09-16T20:01:03.432282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:01:02.486095-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "88.221.81.192",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "a767.dspw65.akamai.NET.",
"QTYPE": "28",
"XID": "37227",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "107",
"PacketData": "0x916B8400000100020000000104613736370664737077363506616B616D6169034E455400001C0001C00C001C000100000014001026001418C0000000000000006866F049C00C001C000100000014001026001418C0000000000000006866F0530000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{1E4F586F-2650-43CD-9FB7-4F044382881C}",
"EventReceivedTime": "2021-09-16T20:01:03.432282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:01:02.486149-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "au.download.windowsupdate.com.",
"QTYPE": "28",
"XID": "43974",
"DNSSEC": "0",
"RCODE": "0",
"Port": "58331",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "227",
"PacketData": "0xABC68180000100050000000002617508646F776E6C6F61640D77696E646F777375706461746503636F6D00001C0001C00C0005000100000B74001C0777752D7368696D0E747261666669636D616E61676572036E657400C03B0005000100000B56002708646F776E6C6F61640D77696E646F777375706461746503636F6D09656467657375697465C052C06300050001000000CA001504613736370664737077363506616B616D6169C052C096001C000100000014001026001418C0000000000000006866F049C096001C000100000014001026001418C0000000000000006866F053",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "36",
"GUID": "{1E4F586F-2650-43CD-9FB7-4F044382881C}",
"EventReceivedTime": "2021-09-16T20:01:03.432282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:01:11.428129-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "v10.events.data.microsoft.com.",
"QTYPE": "1",
"XID": "3724",
"Port": "52288",
"BufferSize": "47",
"PacketData": "0x0E8C0100000100000000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{FC954BFA-34CD-4757-826A-A4546B520F1C}",
"EventReceivedTime": "2021-09-16T20:01:12.452498-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:11.428151-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "global.asimov.events.data.trafficmanager.net.",
"QTYPE": "1",
"Port": "52288",
"XID": "3724",
"BufferSize": "47",
"PacketData": "0x0E8C8180000100010000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:01:12.452498-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:11.428159-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "onedscolprdcus11.centralus.cloudapp.azure.com.",
"QTYPE": "1",
"Port": "52288",
"XID": "3724",
"BufferSize": "47",
"PacketData": "0x0E8C8180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:01:12.452498-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:01:11.428248-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "64.4.48.201",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "onedscolprdcus11.centralus.cloudapp.azure.com.",
"QTYPE": "1",
"QXID": "3724",
"XID": "23403",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "74",
"PacketData": "0x5B6B00000001000000000001106F6E656473636F6C70726463757331310963656E7472616C757308636C6F756461707005617A75726503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{FC954BFA-34CD-4757-826A-A4546B520F1C}",
"EventReceivedTime": "2021-09-16T20:01:12.452498-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:01:11.428421-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "v10.events.data.microsoft.com.",
"QTYPE": "28",
"XID": "63692",
"Port": "63145",
"BufferSize": "47",
"PacketData": "0xF8CC0100000100000000000003763130066576656E74730464617461096D6963726F736F667403636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{F7D0F9E6-7BC4-47AD-BAA3-4EEB186044FF}",
"EventReceivedTime": "2021-09-16T20:01:12.452498-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:11.428432-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "global.asimov.events.data.trafficmanager.net.",
"QTYPE": "28",
"Port": "63145",
"XID": "63692",
"BufferSize": "47",
"PacketData": "0xF8CC8180000100010000000003763130066576656E74730464617461096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:01:12.452498-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:11.428437-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "onedscolprdcus11.centralus.cloudapp.azure.com.",
"QTYPE": "28",
"Port": "63145",
"XID": "63692",
"BufferSize": "47",
"PacketData": "0xF8CC8180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:01:12.452498-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:01:11.428460-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "v10.events.data.microsoft.com.",
"QTYPE": "28",
"XID": "63692",
"DNSSEC": "0",
"RCODE": "0",
"Port": "63145",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "222",
"PacketData": "0xF8CC8180000100020001000003763130066576656E74730464617461096D6963726F736F667403636F6D00001C0001C00C0005000100000B5B002E06676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572036E657400C03B0005000100000031002C106F6E656473636F6C70726463757331310963656E7472616C757308636C6F756461707005617A757265C026C08600060001000000310031076E73312D32303109617A7572652D646E73C026066D736E687374C01C00002711000003840000012C00093A800000003C",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{F7D0F9E6-7BC4-47AD-BAA3-4EEB186044FF}",
"EventReceivedTime": "2021-09-16T20:01:12.452498-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:01:11.448507-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "64.4.48.201",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "onedscolprdcus11.centralus.cloudapp.azure.com.",
"QTYPE": "1",
"XID": "23403",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "90",
"PacketData": "0x5B6B84000001000100000001106F6E656473636F6C70726463757331310963656E7472616C757308636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000468D0105900002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{FC954BFA-34CD-4757-826A-A4546B520F1C}",
"EventReceivedTime": "2021-09-16T20:01:12.452498-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:01:11.448543-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "v10.events.data.microsoft.com.",
"QTYPE": "1",
"XID": "3724",
"DNSSEC": "0",
"RCODE": "0",
"Port": "52288",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "177",
"PacketData": "0x0E8C8180000100030000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001C00C0005000100000B5B002E06676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572036E657400C03B0005000100000031002C106F6E656473636F6C70726463757331310963656E7472616C757308636C6F756461707005617A757265C026C075000100010000000A000468D01059",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "20",
"GUID": "{FC954BFA-34CD-4757-826A-A4546B520F1C}",
"EventReceivedTime": "2021-09-16T20:01:12.452498-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:01:18.197391-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "43839",
"Port": "55551",
"BufferSize": "41",
"PacketData": "0xAB3F010000010000000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{8D71AE24-7ACF-4A27-8385-CD3F5C79C107}",
"EventReceivedTime": "2021-09-16T20:01:19.205296-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:18.197415-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"Port": "55551",
"XID": "43839",
"BufferSize": "41",
"PacketData": "0xAB3F818000010001000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:01:19.205296-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:01:18.197581-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"QXID": "43839",
"XID": "19274",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "87",
"PacketData": "0x4B4A000000010000000000012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{8D71AE24-7ACF-4A27-8385-CD3F5C79C107}",
"EventReceivedTime": "2021-09-16T20:01:19.205296-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:01:18.197597-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "32560",
"Port": "55551",
"BufferSize": "41",
"PacketData": "0x7F30010000010000000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{0A8EEA11-9083-4DCB-BC30-AA9C02061B9F}",
"EventReceivedTime": "2021-09-16T20:01:19.205296-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:01:18.197607-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"Port": "55551",
"XID": "32560",
"BufferSize": "41",
"PacketData": "0x7F30818000010001000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:01:19.205296-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:01:18.197729-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"QXID": "32560",
"XID": "19921",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "87",
"PacketData": "0x4DD1000000010000000000012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{0A8EEA11-9083-4DCB-BC30-AA9C02061B9F}",
"EventReceivedTime": "2021-09-16T20:01:19.205296-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:01:18.219501-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"XID": "19274",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "260",
"PacketData": "0x4B4A840000010005000000012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D0000010001C00C0001000100000003000412CDDE80C00C0001000100000003000436A1F12EC00C0001000100000003000434CAA841C00C0001000100000003000436ED8551C00C002E000100000003006100010D03000000036145567E6142B37EAE90096865726F6B75646E7303636F6D00FBAEC3AEFC304E10959FFA0230EF614B9426FBD49C38EA56D4ABFB35BDF46E1CFA12F82AECED7218D8F7C4A03C16377086429000BDDE8CAAB54F3FBA1C3384C700002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{8D71AE24-7ACF-4A27-8385-CD3F5C79C107}",
"EventReceivedTime": "2021-09-16T20:01:19.205296-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:01:18.220097-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "43839",
"DNSSEC": "0",
"RCODE": "0",
"Port": "55551",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "174",
"PacketData": "0xAB3F818000010005000000000A636C69656E742D61706908687562737461666603636F6D0000010001C00C0005000100000BB900392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020C0350001000100000002000412CDDE80C0350001000100000002000436A1F12EC0350001000100000002000434CAA841C0350001000100000002000436ED8551",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "23",
"GUID": "{8D71AE24-7ACF-4A27-8385-CD3F5C79C107}",
"EventReceivedTime": "2021-09-16T20:01:19.220409-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:01:18.220248-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"XID": "19921",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "452",
"PacketData": "0x4DD1840000010000000400012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D00001C0001C039000600010000000A003504646E733103703035056E736F6E65036E6574000A686F73746D6173746572C061614404EE0000025800000384001275000000000AC039002E00010000000A006100060D020000003C6145567E6142B37EAE90096865726F6B75646E7303636F6D00D7D3DC7724EDB62B2C0A55704E6614FEFEB44306BF1B23DF111575C450764A338A5246E55196FE08D9D6A44BE843DB95DBD1E6C4D2B9C9BC2DA62D3AF76018A9C00C002F00010000000A004601002C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D000006400000000003C00C002E00010000000A0061002F0D030000000A6145567E6142B37EAE90096865726F6B75646E7303636F6D004D07450C6B8BFE7E3C1BB0246B618E9994F895DD4CC47183A3A24A053E5A29FA0300924E93E8F51E8CAA5E44D228D7A9B97A61B77012B8F7E0F08734FDAB2CF600002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{0A8EEA11-9083-4DCB-BC30-AA9C02061B9F}",
"EventReceivedTime": "2021-09-16T20:01:19.220409-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:01:18.224731-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "32560",
"DNSSEC": "0",
"RCODE": "0",
"Port": "55551",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "110",
"PacketData": "0x7F30818000010001000000000A636C69656E742D61706908687562737461666603636F6D00001C0001C00C0005000100000BB900392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "23",
"GUID": "{0A8EEA11-9083-4DCB-BC30-AA9C02061B9F}",
"EventReceivedTime": "2021-09-16T20:01:19.220409-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 515,
"Version": 0,
"ChannelID": 17,
"OpcodeValue": 0,
"TaskValue": 5,
"Keywords": "4611686018428436480",
"EventTime": "2021-09-16T20:01:38.666920-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 1004,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "WIN-93NOI1UVL29",
"AccountName": "Administrator",
"UserID": "S-1-5-21-3792008863-3761660533-1198677510-500",
"AccountType": "User",
"Flags": "EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",
"Type": "28",
"NAME": "ns2.v6.example.com",
"TTL": "3600",
"BufferSize": "16",
"RDATA": "0x260104424400082AD65D64FFFE27597C",
"Zone": "example.com",
"ZoneScope": "Default",
"VirtualizationID": ".",
"EventReceivedTime": "2021-09-16T20:01:39.709331-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 516,
"Version": 0,
"ChannelID": 17,
"OpcodeValue": 0,
"TaskValue": 5,
"Keywords": "4611686018428436480",
"EventTime": "2021-09-16T20:02:15.135167-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 1540,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "WIN-93NOI1UVL29",
"AccountName": "Administrator",
"UserID": "S-1-5-21-3792008863-3761660533-1198677510-500",
"AccountType": "User",
"Flags": "EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",
"Type": "28",
"NAME": "router.v6.example.com",
"TTL": "0",
"BufferSize": "16",
"RDATA": "0x260104424400082A764401FFFE3E5A36",
"Zone": "example.com",
"ZoneScope": "Default",
"VirtualizationID": ".",
"EventReceivedTime": "2021-09-16T20:02:16.135552-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:02:36.444681-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "connectivity-check.ubuntu.com.",
"QTYPE": "28",
"XID": "21389",
"Port": "43864",
"BufferSize": "47",
"PacketData": "0x538D0100000100000000000012636F6E6E65637469766974792D636865636B067562756E747503636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{40A207A2-59B1-43E6-BAE4-98113CB4C223}",
"EventReceivedTime": "2021-09-16T20:02:37.435672-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:02:36.444873-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "connectivity-check.ubuntu.com.",
"QTYPE": "28",
"XID": "21389",
"DNSSEC": "0",
"RCODE": "0",
"Port": "43864",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "108",
"PacketData": "0x538D8180000100000001000012636F6E6E65637469766974792D636865636B067562756E747503636F6D00001C0001C01F000600010000012C0031036E73310963616E6F6E6963616CC0260A686F73746D6173746572C03F7849112A00002A3000000E1000093A8000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{40A207A2-59B1-43E6-BAE4-98113CB4C223}",
"EventReceivedTime": "2021-09-16T20:02:37.435672-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:02:36.445874-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "connectivity-check.ubuntu.com.example.com.",
"QTYPE": "28",
"XID": "21295",
"Port": "40906",
"BufferSize": "59",
"PacketData": "0x532F0100000100000000000012636F6E6E65637469766974792D636865636B067562756E747503636F6D076578616D706C6503636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{1DBCB19C-8589-47CD-8BB6-A4E4DF8167E8}",
"EventReceivedTime": "2021-09-16T20:02:37.435672-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:02:36.447623-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "1",
"AD": "0",
"QNAME": "connectivity-check.ubuntu.com.example.com.",
"QTYPE": "28",
"XID": "21295",
"DNSSEC": "0",
"RCODE": "3",
"Port": "40906",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "131",
"PacketData": "0x532F8583000100000001000012636F6E6E65637469766974792D636865636B067562756E747503636F6D076578616D706C6503636F6D00001C0001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001200000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "2",
"GUID": "{1DBCB19C-8589-47CD-8BB6-A4E4DF8167E8}",
"EventReceivedTime": "2021-09-16T20:02:37.435672-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:02:37.500866-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "28353",
"Port": "34040",
"BufferSize": "41",
"PacketData": "0x6EC1010000010000000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{F669A225-BC8B-4FCE-97FF-3DCDC3979077}",
"EventReceivedTime": "2021-09-16T20:02:38.450297-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:37.500896-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"Port": "34040",
"XID": "28353",
"BufferSize": "41",
"PacketData": "0x6EC1818000010001000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:02:38.450297-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:02:37.501027-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"QXID": "28353",
"XID": "143",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "87",
"PacketData": "0x008F000000010000000000012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{F669A225-BC8B-4FCE-97FF-3DCDC3979077}",
"EventReceivedTime": "2021-09-16T20:02:38.450297-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:02:37.501044-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "22724",
"Port": "34040",
"BufferSize": "41",
"PacketData": "0x58C4010000010000000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{D15FA217-F63A-4200-AA49-BD2CE150D554}",
"EventReceivedTime": "2021-09-16T20:02:38.450297-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:37.501055-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"Port": "34040",
"XID": "22724",
"BufferSize": "41",
"PacketData": "0x58C4818000010001000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:02:38.450297-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:02:37.501599-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"QXID": "22724",
"XID": "3939",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "87",
"PacketData": "0x0F63000000010000000000012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{D15FA217-F63A-4200-AA49-BD2CE150D554}",
"EventReceivedTime": "2021-09-16T20:02:38.450297-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:02:37.522171-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"XID": "143",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "260",
"PacketData": "0x008F840000010005000000012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D0000010001C00C0001000100000003000434CAA841C00C0001000100000003000436ED8551C00C0001000100000003000436A1F12EC00C0001000100000003000412CDDE80C00C002E000100000003006100010D0300000003614556CD6142B3CDAE90096865726F6B75646E7303636F6D000896428443D4FD36DDF0D0047C89E7B8D65E331C04E7EF824D3ABA862E6717070DFBAE7891C1C29A090F63B23353DD531EF04701C973723FD8E9694329EF63A300002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{F669A225-BC8B-4FCE-97FF-3DCDC3979077}",
"EventReceivedTime": "2021-09-16T20:02:38.450297-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:02:37.522607-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "28353",
"DNSSEC": "0",
"RCODE": "0",
"Port": "34040",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "174",
"PacketData": "0x6EC1818000010005000000000A636C69656E742D61706908687562737461666603636F6D0000010001C00C0005000100000B6A00392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020C0350001000100000003000434CAA841C0350001000100000003000436ED8551C0350001000100000003000436A1F12EC0350001000100000003000412CDDE80",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "22",
"GUID": "{F669A225-BC8B-4FCE-97FF-3DCDC3979077}",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:02:37.522705-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"XID": "3939",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "452",
"PacketData": "0x0F63840000010000000400012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D00001C0001C039000600010000000A003504646E733103703035056E736F6E65036E6574000A686F73746D6173746572C0616144054B0000025800000384001275000000000AC039002E00010000000A006100060D020000003C614556CD6142B3CDAE90096865726F6B75646E7303636F6D0091E615DC06357ACDDC9DD324E54A1F533AF928BE6BDBE2142A4BCCDFBA0CD9F946EB5B8ACF87C7A196A2141551C09593FEC2EAD0784B0ECB6CD8562E95CE9B22C00C002F00010000000A004601002C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D000006400000000003C00C002E00010000000A0061002F0D030000000A614556CD6142B3CDAE90096865726F6B75646E7303636F6D00D8305E68F06452332628373FA2856F8FCFB97591BB4CD8D6E31EAB2C404E2277B0B96CCFD692C72AA77B38B80E448A125845C56E208EE3AC91937A217C3A6AFF00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{D15FA217-F63A-4200-AA49-BD2CE150D554}",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:02:37.523799-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "22724",
"DNSSEC": "0",
"RCODE": "0",
"Port": "34040",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "110",
"PacketData": "0x58C4818000010001000000000A636C69656E742D61706908687562737461666603636F6D00001C0001C00C0005000100000B6A00392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "23",
"GUID": "{D15FA217-F63A-4200-AA49-BD2CE150D554}",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:02:37.816418-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "25916",
"Port": "49303",
"BufferSize": "41",
"PacketData": "0x653C010000010000000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{37F2A86F-6786-4009-97CF-F9966D07F554}",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:37.816471-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"Port": "49303",
"XID": "25916",
"BufferSize": "41",
"PacketData": "0x653C818000010001000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:02:37.816693-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "25916",
"DNSSEC": "0",
"RCODE": "0",
"Port": "49303",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "174",
"PacketData": "0x653C818000010005000000000A636C69656E742D61706908687562737461666603636F6D0000010001C00C0005000100000B6900392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020C0350001000100000002000436ED8551C0350001000100000002000436A1F12EC0350001000100000002000412CDDE80C0350001000100000002000434CAA841",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{37F2A86F-6786-4009-97CF-F9966D07F554}",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:02:37.816772-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "11813",
"Port": "49303",
"BufferSize": "41",
"PacketData": "0x2E25010000010000000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{2AD92699-7BAB-4F5D-9F2E-F61FCADDBB27}",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:37.817446-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"Port": "49303",
"XID": "11813",
"BufferSize": "41",
"PacketData": "0x2E25818000010001000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:02:37.818188-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "11813",
"DNSSEC": "0",
"RCODE": "0",
"Port": "49303",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "175",
"PacketData": "0x2E25818000010001000100000A636C69656E742D61706908687562737461666603636F6D00001C0001C00C0005000100000B6900392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020C0620006000100000009003504646E733103703035056E736F6E65036E6574000A686F73746D6173746572C0836144054B0000025800000384001275000000000A",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{2AD92699-7BAB-4F5D-9F2E-F61FCADDBB27}",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:02:38.008738-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "10163",
"Port": "55973",
"BufferSize": "54",
"PacketData": "0x27B3010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{655153B3-79C3-4347-8F3A-3EB74FDF847A}",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:38.008851-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "1",
"Port": "55973",
"XID": "10163",
"BufferSize": "54",
"PacketData": "0x27B3818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:02:38.009465-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "156.154.64.10",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "1",
"QXID": "10163",
"XID": "10567",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "49",
"PacketData": "0x2947000000010000000000010673332D312D7709616D617A6F6E61777303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{655153B3-79C3-4347-8F3A-3EB74FDF847A}",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:02:38.009545-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "18051",
"Port": "55973",
"BufferSize": "54",
"PacketData": "0x4683010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{00D43B9E-7DCD-4267-BDEF-892E6CD11AD4}",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:38.009835-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "28",
"Port": "55973",
"XID": "18051",
"BufferSize": "54",
"PacketData": "0x4683818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:02:38.010245-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "156.154.64.10",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "28",
"QXID": "18051",
"XID": "55017",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "49",
"PacketData": "0xD6E9000000010000000000010673332D312D7709616D617A6F6E61777303636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00D43B9E-7DCD-4267-BDEF-892E6CD11AD4}",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:02:38.051261-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "156.154.64.10",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "1",
"XID": "10567",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "634",
"PacketData": "0x2947840000010001000D000D0673332D312D7709616D617A6F6E61777303636F6D0000010001C00C000500010000012500110473332D770975732D656173742D31C0130975732D656173742D31C013000200010000025800140570646E733108756C747261646E73036E657400C037000200010000025800140570646E733308756C747261646E73036F726700C03700020001000002580005027531C013C03700020001000002580005027532C013C03700020001000002580011036E7331037033310664796E656374C068C03700020001000002580006036E7332C0BFC03700020001000002580005027533C013C03700020001000002580005027534C013C03700020001000002580005027535C013C03700020001000002580005027536C013C037000200010000025800150570646E733508756C747261646E7304696E666F00C03700020001000002580006036E7334C0BFC03700020001000002580006036E7333C0BFC099000100010000070800049C9A400AC099001C000100000E09001020010502F3FF00000000000000000010C0AA000100010000070800049C9A410AC0AA001C000100000E170010261000A1101400000000000000000010C0EA000100010000070800049C9A420AC0EA001C000100000DFD0010261000A1101500000000000000000010C0FB000100010000070800049C9A430AC0FB001C000100000E21001020010502461200000000000000000010C10C000100010000070800049C9A440AC10C001C000100000DF30010261000A1101600000000000000000010C11D000100010000070800049C9A450AC11D001C000100000E270010261000A11017000000000000000000100000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{655153B3-79C3-4347-8F3A-3EB74FDF847A}",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:38.051371-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "1",
"Port": "55973",
"XID": "10163",
"BufferSize": "54",
"PacketData": "0x27B3818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:02:38.051572-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "205.251.193.72",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "1",
"QXID": "10163",
"XID": "33033",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "57",
"PacketData": "0x8109000000010000000000010473332D770975732D656173742D3109616D617A6F6E61777303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{655153B3-79C3-4347-8F3A-3EB74FDF847A}",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:02:38.051704-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "156.154.64.10",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "28",
"XID": "55017",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "634",
"PacketData": "0xD6E9840000010001000D000D0673332D312D7709616D617A6F6E61777303636F6D00001C0001C00C000500010000012500110473332D770975732D656173742D31C0130975732D656173742D31C013000200010000025800140570646E733108756C747261646E73036E657400C037000200010000025800140570646E733308756C747261646E73036F726700C03700020001000002580005027531C013C03700020001000002580005027532C013C03700020001000002580011036E7331037033310664796E656374C068C03700020001000002580006036E7332C0BFC03700020001000002580005027533C013C03700020001000002580005027534C013C03700020001000002580005027535C013C03700020001000002580005027536C013C037000200010000025800150570646E733508756C747261646E7304696E666F00C03700020001000002580006036E7334C0BFC03700020001000002580006036E7333C0BFC099000100010000070800049C9A400AC099001C000100000E09001020010502F3FF00000000000000000010C0AA000100010000070800049C9A410AC0AA001C000100000E170010261000A1101400000000000000000010C0EA000100010000070800049C9A420AC0EA001C000100000DFD0010261000A1101500000000000000000010C0FB000100010000070800049C9A430AC0FB001C000100000E21001020010502461200000000000000000010C10C000100010000070800049C9A440AC10C001C000100000DF30010261000A1101600000000000000000010C11D000100010000070800049C9A450AC11D001C000100000E270010261000A11017000000000000000000100000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{00D43B9E-7DCD-4267-BDEF-892E6CD11AD4}",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:38.051822-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "28",
"Port": "55973",
"XID": "18051",
"BufferSize": "54",
"PacketData": "0x4683818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:02:38.051953-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "205.251.193.72",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "28",
"QXID": "18051",
"XID": "26902",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "57",
"PacketData": "0x6916000000010000000000010473332D770975732D656173742D3109616D617A6F6E61777303636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00D43B9E-7DCD-4267-BDEF-892E6CD11AD4}",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:02:38.071951-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "205.251.193.72",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "1",
"XID": "33033",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "210",
"PacketData": "0x8109842000010001000400010473332D770975732D656173742D3109616D617A6F6E61777303636F6D0000010001C00C0001000100000005000434D9552CC00C00020001000038050017076E732D3131373309617773646E732D3138036F726700C00C00020001000038050019076E732D3136323009617773646E732D313002636F02756B00C00C00020001000038050013066E732D33323809617773646E732D3431C025C00C00020001000038050016066E732D36373409617773646E732D3230036E6574000000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{655153B3-79C3-4347-8F3A-3EB74FDF847A}",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:02:38.072048-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "10163",
"DNSSEC": "0",
"RCODE": "0",
"Port": "55973",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "120",
"PacketData": "0x27B3818000010003000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001C00C000500010000A4ED00090673332D312D77C023C042000500010000012500110473332D770975732D656173742D31C023C0570001000100000005000434D9552C",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "64",
"GUID": "{655153B3-79C3-4347-8F3A-3EB74FDF847A}",
"EventReceivedTime": "2021-09-16T20:02:38.465406-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:02:38.073807-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "205.251.193.72",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "28",
"XID": "26902",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "135",
"PacketData": "0x6916842000010000000100010473332D770975732D656173742D3109616D617A6F6E61777303636F6D00001C0001C00C00060001000038050042066E732D33323809617773646E732D3431C02511617773646E732D686F73746D617374657206616D617A6F6EC0250000000100001C200000038400127500000001250000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{00D43B9E-7DCD-4267-BDEF-892E6CD11AD4}",
"EventReceivedTime": "2021-09-16T20:02:38.493633-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:02:38.074029-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "18051",
"DNSSEC": "0",
"RCODE": "0",
"Port": "55973",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "104",
"PacketData": "0x4683818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001C00C000500010000A4ED00090673332D312D77C023C042000500010000012500110473332D770975732D656173742D31C023",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "64",
"GUID": "{00D43B9E-7DCD-4267-BDEF-892E6CD11AD4}",
"EventReceivedTime": "2021-09-16T20:02:38.493633-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:02:38.274303-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "25504",
"Port": "34348",
"BufferSize": "54",
"PacketData": "0x63A0010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{3965283C-AF6F-4C15-8A2F-88FF7D8F7E06}",
"EventReceivedTime": "2021-09-16T20:02:38.493633-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:38.274419-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "1",
"Port": "34348",
"XID": "25504",
"BufferSize": "54",
"PacketData": "0x63A0818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:02:38.493633-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:38.275875-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "1",
"Port": "34348",
"XID": "25504",
"BufferSize": "54",
"PacketData": "0x63A0818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:02:38.496555-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:02:38.276181-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "25504",
"DNSSEC": "0",
"RCODE": "0",
"Port": "34348",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "120",
"PacketData": "0x63A0818000010003000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001C00C000500010000A4ED00090673332D312D77C023C042000500010000012500110473332D770975732D656173742D31C023C0570001000100000005000434D9552C",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "2",
"GUID": "{3965283C-AF6F-4C15-8A2F-88FF7D8F7E06}",
"EventReceivedTime": "2021-09-16T20:02:38.496555-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:02:38.276380-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "55697",
"Port": "34348",
"BufferSize": "54",
"PacketData": "0xD991010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{1A348351-D1F2-494B-8487-3C621E41F109}",
"EventReceivedTime": "2021-09-16T20:02:38.496555-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:38.276439-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "28",
"Port": "34348",
"XID": "55697",
"BufferSize": "54",
"PacketData": "0xD991818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:02:38.496555-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:38.276477-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "28",
"Port": "34348",
"XID": "55697",
"BufferSize": "54",
"PacketData": "0xD991818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:02:38.496555-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:02:38.276656-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "55697",
"DNSSEC": "0",
"RCODE": "0",
"Port": "34348",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "182",
"PacketData": "0xD991818000010002000100001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001C00C000500010000A4ED00090673332D312D77C023C042000500010000012500110473332D770975732D656173742D31C023C05700060001000001250042066E732D33323809617773646E732D3431C02D11617773646E732D686F73746D617374657206616D617A6F6EC02D0000000100001C20000003840012750000000125",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{1A348351-D1F2-494B-8487-3C621E41F109}",
"EventReceivedTime": "2021-09-16T20:02:38.496555-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:02:38.611473-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "49712",
"Port": "37023",
"BufferSize": "41",
"PacketData": "0xC230010000010000000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{37AA39EC-5C86-434D-A25F-5850AF6988FB}",
"EventReceivedTime": "2021-09-16T20:02:39.470928-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:38.611586-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"Port": "37023",
"XID": "49712",
"BufferSize": "41",
"PacketData": "0xC230818000010001000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:02:39.470928-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:02:38.611851-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "49712",
"DNSSEC": "0",
"RCODE": "0",
"Port": "37023",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "174",
"PacketData": "0xC230818000010005000000000A636C69656E742D61706908687562737461666603636F6D0000010001C00C0005000100000B6900392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020C0350001000100000002000436A1F12EC0350001000100000002000412CDDE80C0350001000100000002000434CAA841C0350001000100000002000436ED8551",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{37AA39EC-5C86-434D-A25F-5850AF6988FB}",
"EventReceivedTime": "2021-09-16T20:02:39.481826-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:02:38.612066-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "13615",
"Port": "37023",
"BufferSize": "41",
"PacketData": "0x352F010000010000000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{E3A5A738-742F-4016-B3B6-F45A88198BC2}",
"EventReceivedTime": "2021-09-16T20:02:39.481826-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:38.612124-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"Port": "37023",
"XID": "13615",
"BufferSize": "41",
"PacketData": "0x352F818000010001000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:02:39.481826-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:02:38.613793-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "13615",
"DNSSEC": "0",
"RCODE": "0",
"Port": "37023",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "175",
"PacketData": "0x352F818000010001000100000A636C69656E742D61706908687562737461666603636F6D00001C0001C00C0005000100000B6900392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020C0620006000100000009003504646E733103703035056E736F6E65036E6574000A686F73746D6173746572C0836144054B0000025800000384001275000000000A",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{E3A5A738-742F-4016-B3B6-F45A88198BC2}",
"EventReceivedTime": "2021-09-16T20:02:39.481826-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:02:38.830562-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "58592",
"Port": "40909",
"BufferSize": "54",
"PacketData": "0xE4E0010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{9F7CBEB0-7B5A-4AC4-BAD7-8E5DCAB5E0AA}",
"EventReceivedTime": "2021-09-16T20:02:39.481826-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:38.831407-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "1",
"Port": "40909",
"XID": "58592",
"BufferSize": "54",
"PacketData": "0xE4E0818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:02:39.481826-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:38.831433-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "1",
"Port": "40909",
"XID": "58592",
"BufferSize": "54",
"PacketData": "0xE4E0818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:02:39.481826-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:02:38.831561-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "58592",
"DNSSEC": "0",
"RCODE": "0",
"Port": "40909",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "120",
"PacketData": "0xE4E0818000010003000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001C00C000500010000A4EC00090673332D312D77C023C042000500010000012400110473332D770975732D656173742D31C023C0570001000100000004000434D9552C",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{9F7CBEB0-7B5A-4AC4-BAD7-8E5DCAB5E0AA}",
"EventReceivedTime": "2021-09-16T20:02:39.481826-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:02:38.831601-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "64927",
"Port": "40909",
"BufferSize": "54",
"PacketData": "0xFD9F010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{4C4CFA49-A877-41B8-B1F9-514C167E79B5}",
"EventReceivedTime": "2021-09-16T20:02:39.481826-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:38.831622-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "28",
"Port": "40909",
"XID": "64927",
"BufferSize": "54",
"PacketData": "0xFD9F818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:02:39.481826-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:38.831638-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "28",
"Port": "40909",
"XID": "64927",
"BufferSize": "54",
"PacketData": "0xFD9F818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:02:39.481826-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:02:38.831783-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "64927",
"DNSSEC": "0",
"RCODE": "0",
"Port": "40909",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "182",
"PacketData": "0xFD9F818000010002000100001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001C00C000500010000A4EC00090673332D312D77C023C042000500010000012400110473332D770975732D656173742D31C023C05700060001000001240042066E732D33323809617773646E732D3431C02D11617773646E732D686F73746D617374657206616D617A6F6EC02D0000000100001C20000003840012750000000125",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{4C4CFA49-A877-41B8-B1F9-514C167E79B5}",
"EventReceivedTime": "2021-09-16T20:02:39.481826-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:02:39.050583-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "23303",
"Port": "35330",
"BufferSize": "54",
"PacketData": "0x5B07010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{5F445C73-74DF-43A8-B886-C73F493250CA}",
"EventReceivedTime": "2021-09-16T20:02:39.481826-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:39.050583-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "1",
"Port": "35330",
"XID": "23303",
"BufferSize": "54",
"PacketData": "0x5B07818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:02:39.481826-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:39.050583-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "1",
"Port": "35330",
"XID": "23303",
"BufferSize": "54",
"PacketData": "0x5B07818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:02:39.481826-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:02:39.050584-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "23303",
"DNSSEC": "0",
"RCODE": "0",
"Port": "35330",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "120",
"PacketData": "0x5B07818000010003000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001C00C000500010000A4EC00090673332D312D77C023C042000500010000012400110473332D770975732D656173742D31C023C0570001000100000004000434D9552C",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{5F445C73-74DF-43A8-B886-C73F493250CA}",
"EventReceivedTime": "2021-09-16T20:02:39.481826-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:02:39.050587-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "27931",
"Port": "35330",
"BufferSize": "54",
"PacketData": "0x6D1B010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{A6F25A0A-2317-40DF-A92E-F071471EAD4A}",
"EventReceivedTime": "2021-09-16T20:02:39.481826-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:39.050587-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "28",
"Port": "35330",
"XID": "27931",
"BufferSize": "54",
"PacketData": "0x6D1B818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:02:39.481826-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:02:39.050587-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "28",
"Port": "35330",
"XID": "27931",
"BufferSize": "54",
"PacketData": "0x6D1B818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:02:39.481826-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:02:39.050588-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "27931",
"DNSSEC": "0",
"RCODE": "0",
"Port": "35330",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "182",
"PacketData": "0x6D1B818000010002000100001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001C00C000500010000A4EC00090673332D312D77C023C042000500010000012400110473332D770975732D656173742D31C023C05700060001000001240042066E732D33323809617773646E732D3431C02D11617773646E732D686F73746D617374657206616D617A6F6EC02D0000000100001C20000003840012750000000125",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{A6F25A0A-2317-40DF-A92E-F071471EAD4A}",
"EventReceivedTime": "2021-09-16T20:02:39.496925-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:04:20.618881-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "v10.events.data.microsoft.com.",
"QTYPE": "1",
"XID": "30473",
"Port": "52288",
"BufferSize": "47",
"PacketData": "0x77090100000100000000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{C7CD2C29-232E-47B8-B6EC-1E863B6DB219}",
"EventReceivedTime": "2021-09-16T20:04:21.627927-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:04:20.618912-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "global.asimov.events.data.trafficmanager.net.",
"QTYPE": "1",
"Port": "52288",
"XID": "30473",
"BufferSize": "47",
"PacketData": "0x77098180000100010000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:04:21.627927-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:04:20.619055-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "global.asimov.events.data.trafficmanager.NET.",
"QTYPE": "1",
"QXID": "30473",
"XID": "64446",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "73",
"PacketData": "0xFBBE0000000100000000000106676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{C7CD2C29-232E-47B8-B6EC-1E863B6DB219}",
"EventReceivedTime": "2021-09-16T20:04:21.627927-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:04:20.619734-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "v10.events.data.microsoft.com.",
"QTYPE": "28",
"XID": "4949",
"Port": "60074",
"BufferSize": "47",
"PacketData": "0x13550100000100000000000003763130066576656E74730464617461096D6963726F736F667403636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{033B8C30-BFCA-4452-8814-332AB5266444}",
"EventReceivedTime": "2021-09-16T20:04:21.627927-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:04:20.619753-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "global.asimov.events.data.trafficmanager.net.",
"QTYPE": "28",
"Port": "60074",
"XID": "4949",
"BufferSize": "47",
"PacketData": "0x13558180000100010000000003763130066576656E74730464617461096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:04:21.627927-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:04:20.619860-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "global.asimov.events.data.trafficmanager.NET.",
"QTYPE": "28",
"QXID": "4949",
"XID": "7016",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "73",
"PacketData": "0x1B680000000100000000000106676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{033B8C30-BFCA-4452-8814-332AB5266444}",
"EventReceivedTime": "2021-09-16T20:04:21.627927-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:04:20.640834-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "global.asimov.events.data.trafficmanager.NET.",
"QTYPE": "1",
"XID": "64446",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "133",
"PacketData": "0xFBBE8420000100010000000106676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572034E45540000010001C00C000500010000003C0030106F6E656473636F6C70726477657530330A776573746575726F706508636C6F756461707005617A75726503636F6D0000002904D0000000000000",
"AdditionalInfo": ".",
"GUID": "{C7CD2C29-232E-47B8-B6EC-1E863B6DB219}",
"EventReceivedTime": "2021-09-16T20:04:21.627927-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:04:20.640880-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "onedscolprdweu03.westeurope.cloudapp.azure.com.",
"QTYPE": "1",
"Port": "52288",
"XID": "30473",
"BufferSize": "47",
"PacketData": "0x77098180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:04:21.627927-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:04:20.641083-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "40.90.4.205",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "onedscolprdweu03.westeurope.cloudapp.azure.com.",
"QTYPE": "1",
"QXID": "30473",
"XID": "52763",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "75",
"PacketData": "0xCE1B00000001000000000001106F6E656473636F6C70726477657530330A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{C7CD2C29-232E-47B8-B6EC-1E863B6DB219}",
"EventReceivedTime": "2021-09-16T20:04:21.627927-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:04:20.641843-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "global.asimov.events.data.trafficmanager.NET.",
"QTYPE": "28",
"XID": "7016",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "133",
"PacketData": "0x1B688420000100010000000106676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572034E455400001C0001C00C000500010000003C0030106F6E656473636F6C70726477657530340A776573746575726F706508636C6F756461707005617A75726503636F6D0000002904D0000000000000",
"AdditionalInfo": ".",
"GUID": "{033B8C30-BFCA-4452-8814-332AB5266444}",
"EventReceivedTime": "2021-09-16T20:04:21.627927-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:04:20.641899-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.36",
"RD": "1",
"QNAME": "onedscolprdweu03.westeurope.cloudapp.azure.com.",
"QTYPE": "28",
"Port": "60074",
"XID": "4949",
"BufferSize": "47",
"PacketData": "0x13558180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:04:21.627927-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:04:20.642370-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2603:1061::cd",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "onedscolprdweu03.westeurope.cloudapp.azure.com.",
"QTYPE": "28",
"QXID": "4949",
"XID": "61767",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "75",
"PacketData": "0xF14700000001000000000001106F6E656473636F6C70726477657530330A776573746575726F706508636C6F756461707005617A75726503636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{033B8C30-BFCA-4452-8814-332AB5266444}",
"EventReceivedTime": "2021-09-16T20:04:21.627927-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:04:20.684891-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "40.90.4.205",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "onedscolprdweu03.westeurope.cloudapp.azure.com.",
"QTYPE": "1",
"XID": "52763",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "213",
"PacketData": "0xCE1B80000001000000040001106F6E656473636F6C70726477657530330A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C01D000200010000012C0014076E73312D32303109617A7572652D646E73C037C040000200010000012C0017076E73322D32303109617A7572652D646E73036E657400C040000200010000012C0017076E73332D32303109617A7572652D646E73036F726700C040000200010000012C0018076E73342D32303109617A7572652D646E7304696E666F0000002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{C7CD2C29-232E-47B8-B6EC-1E863B6DB219}",
"EventReceivedTime": "2021-09-16T20:04:21.627927-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:04:20.685229-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2620:1ec:8ec::c9",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "onedscolprdweu03.westeurope.cloudapp.azure.com.",
"QTYPE": "1",
"QXID": "30473",
"XID": "39175",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "75",
"PacketData": "0x990700000001000000000001106F6E656473636F6C70726477657530330A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{C7CD2C29-232E-47B8-B6EC-1E863B6DB219}",
"EventReceivedTime": "2021-09-16T20:04:21.627927-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:04:20.703111-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2603:1061::cd",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "onedscolprdweu03.westeurope.cloudapp.azure.com.",
"QTYPE": "28",
"XID": "61767",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "213",
"PacketData": "0xF14780000001000000040001106F6E656473636F6C70726477657530330A776573746575726F706508636C6F756461707005617A75726503636F6D00001C0001C01D000200010000012C0014076E73312D32303109617A7572652D646E73C037C040000200010000012C0017076E73322D32303109617A7572652D646E73036E657400C040000200010000012C0017076E73332D32303109617A7572652D646E73036F726700C040000200010000012C0018076E73342D32303109617A7572652D646E7304696E666F0000002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{033B8C30-BFCA-4452-8814-332AB5266444}",
"EventReceivedTime": "2021-09-16T20:04:21.627927-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:04:20.703566-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2620:1ec:8ec::c9",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "onedscolprdweu03.westeurope.cloudapp.azure.com.",
"QTYPE": "28",
"QXID": "4949",
"XID": "28968",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "75",
"PacketData": "0x712800000001000000000001106F6E656473636F6C70726477657530330A776573746575726F706508636C6F756461707005617A75726503636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{033B8C30-BFCA-4452-8814-332AB5266444}",
"EventReceivedTime": "2021-09-16T20:04:21.627927-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:04:20.720591-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2620:1ec:8ec::c9",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "onedscolprdweu03.westeurope.cloudapp.azure.com.",
"QTYPE": "1",
"XID": "39175",
"RecursionDepth": "3",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "91",
"PacketData": "0x990784000001000100000001106F6E656473636F6C70726477657530330A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D456D8300002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{C7CD2C29-232E-47B8-B6EC-1E863B6DB219}",
"EventReceivedTime": "2021-09-16T20:04:21.627927-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:04:20.720714-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "v10.events.data.microsoft.com.",
"QTYPE": "1",
"XID": "30473",
"DNSSEC": "0",
"RCODE": "0",
"Port": "52288",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "178",
"PacketData": "0x77098180000100030000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001C00C0005000100000A9E002E06676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572036E657400C03B000500010000003C002D106F6E656473636F6C70726477657530330A776573746575726F706508636C6F756461707005617A757265C026C075000100010000000900040D456D83",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "101",
"GUID": "{C7CD2C29-232E-47B8-B6EC-1E863B6DB219}",
"EventReceivedTime": "2021-09-16T20:04:21.627927-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:04:20.729023-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2620:1ec:8ec::c9",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "onedscolprdweu03.westeurope.cloudapp.azure.com.",
"QTYPE": "28",
"XID": "28968",
"RecursionDepth": "3",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "146",
"PacketData": "0x712884000001000000010001106F6E656473636F6C70726477657530330A776573746575726F706508636C6F756461707005617A75726503636F6D00001C0001C01D000600010000003C003B076E73312D32303109617A7572652D646E73C037066D736E687374096D6963726F736F6674C03700002711000003840000012C00093A800000003C00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{033B8C30-BFCA-4452-8814-332AB5266444}",
"EventReceivedTime": "2021-09-16T20:04:21.627927-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:04:20.729202-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.36",
"AA": "0",
"AD": "0",
"QNAME": "v10.events.data.microsoft.com.",
"QTYPE": "28",
"XID": "4949",
"DNSSEC": "0",
"RCODE": "0",
"Port": "60074",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "162",
"PacketData": "0x13558180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D00001C0001C00C0005000100000A9E002E06676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572036E657400C03B000500010000003C002D106F6E656473636F6C70726477657530330A776573746575726F706508636C6F756461707005617A757265C026",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "110",
"GUID": "{033B8C30-BFCA-4452-8814-332AB5266444}",
"EventReceivedTime": "2021-09-16T20:04:21.627927-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:06:18.311397-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "11971",
"Port": "32814",
"BufferSize": "41",
"PacketData": "0x2EC3010000010000000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{DC8C1A75-7CAA-4B46-AEF9-93CA18ECF29B}",
"EventReceivedTime": "2021-09-16T20:06:19.321781-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:06:18.311417-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"Port": "32814",
"XID": "11971",
"BufferSize": "41",
"PacketData": "0x2EC3818000010001000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:06:19.321781-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:06:18.311510-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"QXID": "11971",
"XID": "17511",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "87",
"PacketData": "0x4467000000010000000000012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{DC8C1A75-7CAA-4B46-AEF9-93CA18ECF29B}",
"EventReceivedTime": "2021-09-16T20:06:19.321781-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:06:18.311524-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "9421",
"Port": "32814",
"BufferSize": "41",
"PacketData": "0x24CD010000010000000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{4C1ED5B2-551F-46B4-B684-32FBDE36B8AC}",
"EventReceivedTime": "2021-09-16T20:06:19.321781-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:06:18.311530-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"Port": "32814",
"XID": "9421",
"BufferSize": "41",
"PacketData": "0x24CD818000010001000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:06:19.321781-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:06:18.311639-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"QXID": "9421",
"XID": "48481",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "87",
"PacketData": "0xBD61000000010000000000012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{4C1ED5B2-551F-46B4-B684-32FBDE36B8AC}",
"EventReceivedTime": "2021-09-16T20:06:19.321781-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:06:18.332525-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"XID": "17511",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "260",
"PacketData": "0x4467840000010005000000012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D0000010001C00C0001000100000002000436A1F12EC00C0001000100000002000436ED8551C00C0001000100000002000412CDDE80C00C0001000100000002000434CAA841C00C002E000100000002006100010D0300000002614557AA6142B4AAAE90096865726F6B75646E7303636F6D00E5D9147A015695B554D61049C643A3025C5212BB2F76906506F1C37D4E2842F4A93499333FEB1D98D51CC94A549052AD52DC50254A92692EA30E75372FDEA6C300002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{DC8C1A75-7CAA-4B46-AEF9-93CA18ECF29B}",
"EventReceivedTime": "2021-09-16T20:06:19.321781-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:06:18.332589-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "11971",
"DNSSEC": "0",
"RCODE": "0",
"Port": "32814",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "174",
"PacketData": "0x2EC3818000010005000000000A636C69656E742D61706908687562737461666603636F6D0000010001C00C0005000100000A8D00392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020C0350001000100000002000436A1F12EC0350001000100000002000436ED8551C0350001000100000002000412CDDE80C0350001000100000002000434CAA841",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "21",
"GUID": "{DC8C1A75-7CAA-4B46-AEF9-93CA18ECF29B}",
"EventReceivedTime": "2021-09-16T20:06:19.321781-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:06:18.332938-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"XID": "48481",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "452",
"PacketData": "0xBD61840000010000000400012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D00001C0001C039000600010000000A003504646E733103703035056E736F6E65036E6574000A686F73746D6173746572C061614406290000025800000384001275000000000AC039002E00010000000A006100060D020000003C614557AA6142B4AAAE90096865726F6B75646E7303636F6D00EAEA8BB544E06DC7AF52FC2BED79274C03D99EE216A14DB0B6FF773BA373206F0D8A465EEECBA7E9967FEFD92329E3BC3C9BB29BC88DAA27AABB0AE4B2F5DF11C00C002F00010000000A004601002C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D000006400000000003C00C002E00010000000A0061002F0D030000000A614557AA6142B4AAAE90096865726F6B75646E7303636F6D00EC0866063718B0EA3885A2F3A9EBC96D5A2B445B32CD92E7944C3491ADD81D3888428F154EC6EFBA0A684DB7B4A6D69969F8BA0A5970B8C7C40588CF8B004B8800002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{4C1ED5B2-551F-46B4-B684-32FBDE36B8AC}",
"EventReceivedTime": "2021-09-16T20:06:19.321781-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:06:18.332938-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "9421",
"DNSSEC": "0",
"RCODE": "0",
"Port": "32814",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "110",
"PacketData": "0x24CD818000010001000000000A636C69656E742D61706908687562737461666603636F6D00001C0001C00C0005000100000A8D00392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "22",
"GUID": "{4C1ED5B2-551F-46B4-B684-32FBDE36B8AC}",
"EventReceivedTime": "2021-09-16T20:06:19.321781-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:07:24.702242-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "v10.events.data.microsoft.com.",
"QTYPE": "1",
"XID": "45707",
"Port": "58414",
"BufferSize": "47",
"PacketData": "0xB28B0100000100000000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{108EAB29-3997-45E6-9B21-8E6DFBB1DAFE}",
"EventReceivedTime": "2021-09-16T20:07:25.697014-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:07:24.702272-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "global.asimov.events.data.trafficmanager.net.",
"QTYPE": "1",
"Port": "58414",
"XID": "45707",
"BufferSize": "47",
"PacketData": "0xB28B8180000100010000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:07:25.697014-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:07:24.702432-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "13.107.206.36",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "tm1.edgedns-tm.info.",
"QTYPE": "1",
"QXID": "1",
"XID": "50404",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "48",
"PacketData": "0xC4E40000000100000000000103746D310A65646765646E732D746D04696E666F00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:07:25.697014-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:07:24.703201-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "v10.events.data.microsoft.com.",
"QTYPE": "28",
"XID": "65157",
"Port": "50813",
"BufferSize": "47",
"PacketData": "0xFE850100000100000000000003763130066576656E74730464617461096D6963726F736F667403636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{D38E9A38-415D-4D59-B14F-9B3AC883FFD2}",
"EventReceivedTime": "2021-09-16T20:07:25.697014-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:07:24.703219-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "global.asimov.events.data.trafficmanager.net.",
"QTYPE": "28",
"Port": "50813",
"XID": "65157",
"BufferSize": "47",
"PacketData": "0xFE858180000100010000000003763130066576656E74730464617461096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:07:25.697014-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:07:24.703346-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2620:1ec:bda:10::24",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "tm1.edgedns-tm.info.",
"QTYPE": "1",
"QXID": "1",
"XID": "31794",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "48",
"PacketData": "0x7C320000000100000000000103746D310A65646765646E732D746D04696E666F00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:07:25.697014-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:07:24.734825-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "13.107.206.36",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "tm1.edgedns-tm.info.",
"QTYPE": "1",
"XID": "50404",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "64",
"PacketData": "0xC4E48420000100010000000103746D310A65646765646E732D746D04696E666F0000010001C00C000100010000012C00040D6BDEF000002904D0000000000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:07:25.697014-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:07:24.734968-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "global.asimov.events.data.trafficmanager.NET.",
"QTYPE": "1",
"QXID": "45707",
"XID": "38779",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "73",
"PacketData": "0x977B0000000100000000000106676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{108EAB29-3997-45E6-9B21-8E6DFBB1DAFE}",
"EventReceivedTime": "2021-09-16T20:07:25.697014-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:07:24.743484-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "2620:1ec:bda:10::24",
"InterfaceIP": "::",
"AA": "1",
"AD": "1",
"QNAME": "tm1.edgedns-tm.info.",
"QTYPE": "1",
"XID": "31794",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "64",
"PacketData": "0x7C328420000100010000000103746D310A65646765646E732D746D04696E666F0000010001C00C000100010000012C00040D6BDEF000002904D0000000000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:07:25.697014-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:07:24.743599-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "global.asimov.events.data.trafficmanager.NET.",
"QTYPE": "28",
"QXID": "65157",
"XID": "25334",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "62",
"PacketData": "0x62F60000000100000000000006676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572034E455400001C0001",
"AdditionalInfo": ".",
"GUID": "{D38E9A38-415D-4D59-B14F-9B3AC883FFD2}",
"EventReceivedTime": "2021-09-16T20:07:25.697014-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:07:24.757549-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "global.asimov.events.data.trafficmanager.NET.",
"QTYPE": "1",
"XID": "38779",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "129",
"PacketData": "0x977B8420000100010000000106676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572034E45540000010001C00C000500010000003C002C106F6E656473636F6C70726477757330300677657374757308636C6F756461707005617A75726503636F6D0000002904D0000000000000",
"AdditionalInfo": ".",
"GUID": "{108EAB29-3997-45E6-9B21-8E6DFBB1DAFE}",
"EventReceivedTime": "2021-09-16T20:07:25.713073-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:07:24.758032-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "onedscolprdwus00.westus.cloudapp.azure.com.",
"QTYPE": "1",
"Port": "58414",
"XID": "45707",
"BufferSize": "47",
"PacketData": "0xB28B8180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:07:25.713073-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:07:24.758434-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2603:1061::cd",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "onedscolprdwus00.westus.cloudapp.azure.com.",
"QTYPE": "1",
"QXID": "45707",
"XID": "57975",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "71",
"PacketData": "0xE27700000001000000000001106F6E656473636F6C70726477757330300677657374757308636C6F756461707005617A75726503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{108EAB29-3997-45E6-9B21-8E6DFBB1DAFE}",
"EventReceivedTime": "2021-09-16T20:07:25.713073-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:07:24.776472-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "global.asimov.events.data.trafficmanager.NET.",
"QTYPE": "28",
"XID": "25334",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "118",
"PacketData": "0x62F68400000100010000000006676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572034E455400001C0001C00C000500010000003C002C106F6E656473636F6C70726465757330320665617374757308636C6F756461707005617A75726503636F6D00",
"AdditionalInfo": ".",
"GUID": "{D38E9A38-415D-4D59-B14F-9B3AC883FFD2}",
"EventReceivedTime": "2021-09-16T20:07:25.713073-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:07:24.776570-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "onedscolprdwus00.westus.cloudapp.azure.com.",
"QTYPE": "28",
"Port": "50813",
"XID": "65157",
"BufferSize": "47",
"PacketData": "0xFE858180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:07:25.713073-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:07:24.777649-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2603:1061::cd",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "onedscolprdwus00.westus.cloudapp.azure.com.",
"QTYPE": "28",
"QXID": "65157",
"XID": "45979",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "60",
"PacketData": "0xB39B00000001000000000000106F6E656473636F6C70726477757330300677657374757308636C6F756461707005617A75726503636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{D38E9A38-415D-4D59-B14F-9B3AC883FFD2}",
"EventReceivedTime": "2021-09-16T20:07:25.713073-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:07:24.814849-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2603:1061::cd",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "onedscolprdwus00.westus.cloudapp.azure.com.",
"QTYPE": "1",
"XID": "57975",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "205",
"PacketData": "0xE27780000001000000040001106F6E656473636F6C70726477757330300677657374757308636C6F756461707005617A75726503636F6D0000010001C01D000200010000012C0013066E73312D303209617A7572652D646E73C033C03C000200010000012C0016066E73322D303209617A7572652D646E73036E657400C03C000200010000012C0016066E73332D303209617A7572652D646E73036F726700C03C000200010000012C0017066E73342D303209617A7572652D646E7304696E666F0000002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{108EAB29-3997-45E6-9B21-8E6DFBB1DAFE}",
"EventReceivedTime": "2021-09-16T20:07:25.713073-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:07:24.815153-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "40.90.4.2",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "onedscolprdwus00.westus.cloudapp.azure.com.",
"QTYPE": "1",
"QXID": "45707",
"XID": "9652",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "71",
"PacketData": "0x25B400000001000000000001106F6E656473636F6C70726477757330300677657374757308636C6F756461707005617A75726503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{108EAB29-3997-45E6-9B21-8E6DFBB1DAFE}",
"EventReceivedTime": "2021-09-16T20:07:25.713073-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:07:24.834729-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2603:1061::cd",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "onedscolprdwus00.westus.cloudapp.azure.com.",
"QTYPE": "28",
"XID": "45979",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "194",
"PacketData": "0xB39B80000001000000040000106F6E656473636F6C70726477757330300677657374757308636C6F756461707005617A75726503636F6D00001C0001C01D000200010000012C0013066E73312D303209617A7572652D646E73C033C03C000200010000012C0016066E73322D303209617A7572652D646E73036E657400C03C000200010000012C0016066E73332D303209617A7572652D646E73036F726700C03C000200010000012C0017066E73342D303209617A7572652D646E7304696E666F00",
"AdditionalInfo": ".",
"GUID": "{D38E9A38-415D-4D59-B14F-9B3AC883FFD2}",
"EventReceivedTime": "2021-09-16T20:07:25.713073-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:07:24.835050-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2603:1061::2",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "onedscolprdwus00.westus.cloudapp.azure.com.",
"QTYPE": "28",
"QXID": "65157",
"XID": "9171",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "71",
"PacketData": "0x23D300000001000000000001106F6E656473636F6C70726477757330300677657374757308636C6F756461707005617A75726503636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{D38E9A38-415D-4D59-B14F-9B3AC883FFD2}",
"EventReceivedTime": "2021-09-16T20:07:25.713073-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:07:24.841683-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "40.90.4.2",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "onedscolprdwus00.westus.cloudapp.azure.com.",
"QTYPE": "1",
"XID": "9652",
"RecursionDepth": "3",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "87",
"PacketData": "0x25B484000001000100000001106F6E656473636F6C70726477757330300677657374757308636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000414BDAD0100002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{108EAB29-3997-45E6-9B21-8E6DFBB1DAFE}",
"EventReceivedTime": "2021-09-16T20:07:25.713073-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:07:24.842657-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "v10.events.data.microsoft.com.",
"QTYPE": "1",
"XID": "45707",
"DNSSEC": "0",
"RCODE": "0",
"Port": "58414",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "174",
"PacketData": "0xB28B8180000100030000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001C00C00050001000009E6002E06676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572036E657400C03B000500010000003C0029106F6E656473636F6C70726477757330300677657374757308636C6F756461707005617A757265C026C075000100010000000A000414BDAD01",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "140",
"GUID": "{108EAB29-3997-45E6-9B21-8E6DFBB1DAFE}",
"EventReceivedTime": "2021-09-16T20:07:25.713073-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:07:24.854965-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2603:1061::2",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "onedscolprdwus00.westus.cloudapp.azure.com.",
"QTYPE": "28",
"XID": "9171",
"RecursionDepth": "3",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "141",
"PacketData": "0x23D384000001000000010001106F6E656473636F6C70726477757330300677657374757308636C6F756461707005617A75726503636F6D00001C0001C01D000600010000003C003A066E73312D303209617A7572652D646E73C033066D736E687374096D6963726F736F6674C03300002711000003840000012C00093A800000003C00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{D38E9A38-415D-4D59-B14F-9B3AC883FFD2}",
"EventReceivedTime": "2021-09-16T20:07:25.713073-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:07:24.855131-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "v10.events.data.microsoft.com.",
"QTYPE": "28",
"XID": "65157",
"DNSSEC": "0",
"RCODE": "0",
"Port": "50813",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "158",
"PacketData": "0xFE858180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D00001C0001C00C00050001000009E6002E06676C6F62616C066173696D6F76066576656E747304646174610E747261666669636D616E61676572036E657400C03B000500010000003C0029106F6E656473636F6C70726477757330300677657374757308636C6F756461707005617A757265C026",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "152",
"GUID": "{D38E9A38-415D-4D59-B14F-9B3AC883FFD2}",
"EventReceivedTime": "2021-09-16T20:07:25.713073-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:07:36.438420-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "connectivity-check.ubuntu.com.",
"QTYPE": "28",
"XID": "62671",
"Port": "52165",
"BufferSize": "47",
"PacketData": "0xF4CF0100000100000000000012636F6E6E65637469766974792D636865636B067562756E747503636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{68C7D13A-D74A-46CC-8146-8BEFE74213B1}",
"EventReceivedTime": "2021-09-16T20:07:37.447621-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:07:36.438961-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "connectivity-check.ubuntu.com.",
"QTYPE": "28",
"XID": "62671",
"DNSSEC": "0",
"RCODE": "0",
"Port": "52165",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "108",
"PacketData": "0xF4CF8180000100000001000012636F6E6E65637469766974792D636865636B067562756E747503636F6D00001C0001C01F00060001000000000031036E73310963616E6F6E6963616CC0260A686F73746D6173746572C03F7849112A00002A3000000E1000093A8000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{68C7D13A-D74A-46CC-8146-8BEFE74213B1}",
"EventReceivedTime": "2021-09-16T20:07:37.447621-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:07:36.439610-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "connectivity-check.ubuntu.com.example.com.",
"QTYPE": "28",
"XID": "20683",
"Port": "34353",
"BufferSize": "59",
"PacketData": "0x50CB0100000100000000000012636F6E6E65637469766974792D636865636B067562756E747503636F6D076578616D706C6503636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{01F0D68F-B2D3-4FFC-874E-9D8BB9E8A8BC}",
"EventReceivedTime": "2021-09-16T20:07:37.447621-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:07:36.439761-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "1",
"AD": "0",
"QNAME": "connectivity-check.ubuntu.com.example.com.",
"QTYPE": "28",
"XID": "20683",
"DNSSEC": "0",
"RCODE": "3",
"Port": "34353",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "131",
"PacketData": "0x50CB8583000100000001000012636F6E6E65637469766974792D636865636B067562756E747503636F6D076578616D706C6503636F6D00001C0001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001200000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{01F0D68F-B2D3-4FFC-874E-9D8BB9E8A8BC}",
"EventReceivedTime": "2021-09-16T20:07:37.447621-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 515,
"Version": 0,
"ChannelID": 17,
"OpcodeValue": 0,
"TaskValue": 5,
"Keywords": "4611686018428436480",
"EventTime": "2021-09-16T20:08:16.567333-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 5668,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "WIN-93NOI1UVL29",
"AccountName": "Administrator",
"UserID": "S-1-5-21-3792008863-3761660533-1198677510-500",
"AccountType": "User",
"Flags": "EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",
"Type": "5",
"NAME": "u20server-1.example.com",
"TTL": "3600",
"BufferSize": "17",
"RDATA": "0x106E73312E6578616D706C652E636F6D2E",
"Zone": "example.com",
"ZoneScope": "Default",
"VirtualizationID": ".",
"EventReceivedTime": "2021-09-16T20:08:17.553234-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 515,
"Version": 0,
"ChannelID": 17,
"OpcodeValue": 0,
"TaskValue": 5,
"Keywords": "4611686018428436480",
"EventTime": "2021-09-16T20:08:59.855800-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 1556,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "WIN-93NOI1UVL29",
"AccountName": "Administrator",
"UserID": "S-1-5-21-3792008863-3761660533-1198677510-500",
"AccountType": "User",
"Flags": "EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",
"Type": "5",
"NAME": "u20server-1.v6.example.com",
"TTL": "3600",
"BufferSize": "20",
"RDATA": "0x136E73312E76362E6578616D706C652E636F6D2E",
"Zone": "example.com",
"ZoneScope": "Default",
"VirtualizationID": ".",
"EventReceivedTime": "2021-09-16T20:09:00.862070-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:09:20.912928-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "storecatalogrevocation.storequality.microsoft.com.",
"QTYPE": "1",
"XID": "18433",
"Port": "50813",
"BufferSize": "67",
"PacketData": "0x4801010000010000000000001673746F7265636174616C6F677265766F636174696F6E0C73746F72657175616C697479096D6963726F736F667403636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{ECB58A4C-F3C9-40DC-8B70-33323A8F8499}",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:20.913002-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "40.90.4.205",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "storecatalogrevocation.storequality.microsoft.com.",
"QTYPE": "1",
"QXID": "18433",
"XID": "59244",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "78",
"PacketData": "0xE76C000000010000000000011673746F7265636174616C6F677265766F636174696F6E0C73746F72657175616C697479096D6963726F736F667403636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{ECB58A4C-F3C9-40DC-8B70-33323A8F8499}",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:09:20.913237-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "storecatalogrevocation.storequality.microsoft.com.",
"QTYPE": "28",
"XID": "5339",
"Port": "57839",
"BufferSize": "67",
"PacketData": "0x14DB010000010000000000001673746F7265636174616C6F677265766F636174696F6E0C73746F72657175616C697479096D6963726F736F667403636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{BE37EDAD-CEDD-48DD-B62B-C06DB3249AB6}",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:20.913296-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2603:1061::cd",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "storecatalogrevocation.storequality.microsoft.com.",
"QTYPE": "28",
"QXID": "5339",
"XID": "14237",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "78",
"PacketData": "0x379D000000010000000000011673746F7265636174616C6F677265766F636174696F6E0C73746F72657175616C697479096D6963726F736F667403636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{BE37EDAD-CEDD-48DD-B62B-C06DB3249AB6}",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:20.935869-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "40.90.4.205",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "storecatalogrevocation.storequality.microsoft.com.",
"QTYPE": "1",
"XID": "59244",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "153",
"PacketData": "0xE76C840000010001000000011673746F7265636174616C6F677265766F636174696F6E0C73746F72657175616C697479096D6963726F736F667403636F6D0000010001C00C0005000100000E10003F1673746F7265636174616C6F677265766F636174696F6E0C73746F72657175616C697479096D6963726F736F667403636F6D07656467656B6579036E65740000002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{ECB58A4C-F3C9-40DC-8B70-33323A8F8499}",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:09:20.935912-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "storecatalogrevocation.storequality.microsoft.com.edgekey.net.",
"QTYPE": "1",
"Port": "50813",
"XID": "18433",
"BufferSize": "67",
"PacketData": "0x4801818000010001000000001673746F7265636174616C6F677265766F636174696F6E0C73746F72657175616C697479096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:20.936024-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "96.7.49.65",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "storecatalogrevocation.storequality.microsoft.com.edgekey.NET.",
"QTYPE": "1",
"QXID": "18433",
"XID": "29689",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "90",
"PacketData": "0x73F9000000010000000000011673746F7265636174616C6F677265766F636174696F6E0C73746F72657175616C697479096D6963726F736F667403636F6D07656467656B6579034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{ECB58A4C-F3C9-40DC-8B70-33323A8F8499}",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:20.947698-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2603:1061::cd",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "storecatalogrevocation.storequality.microsoft.com.",
"QTYPE": "28",
"XID": "14237",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "153",
"PacketData": "0x379D840000010001000000011673746F7265636174616C6F677265766F636174696F6E0C73746F72657175616C697479096D6963726F736F667403636F6D00001C0001C00C0005000100000E10003F1673746F7265636174616C6F677265766F636174696F6E0C73746F72657175616C697479096D6963726F736F667403636F6D07656467656B6579036E65740000002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{BE37EDAD-CEDD-48DD-B62B-C06DB3249AB6}",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:09:20.947698-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "storecatalogrevocation.storequality.microsoft.com.edgekey.net.",
"QTYPE": "28",
"Port": "57839",
"XID": "5339",
"BufferSize": "67",
"PacketData": "0x14DB818000010001000000001673746F7265636174616C6F677265766F636174696F6E0C73746F72657175616C697479096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:20.947924-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "184.26.160.65",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "storecatalogrevocation.storequality.microsoft.com.edgekey.NET.",
"QTYPE": "28",
"QXID": "5339",
"XID": "63750",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "90",
"PacketData": "0xF906000000010000000000011673746F7265636174616C6F677265766F636174696F6E0C73746F72657175616C697479096D6963726F736F667403636F6D07656467656B6579034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{BE37EDAD-CEDD-48DD-B62B-C06DB3249AB6}",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:20.956124-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "96.7.49.65",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "storecatalogrevocation.storequality.microsoft.com.edgekey.NET.",
"QTYPE": "1",
"XID": "29689",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "124",
"PacketData": "0x73F9840000010001000000011673746F7265636174616C6F677265766F636174696F6E0C73746F72657175616C697479096D6963726F736F667403636F6D07656467656B6579034E45540000010001C00C000500010000012C00160665313031393801620A616B616D616965646765C0460000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{ECB58A4C-F3C9-40DC-8B70-33323A8F8499}",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:09:20.956158-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "e10198.b.akamaiedge.net.",
"QTYPE": "1",
"Port": "50813",
"XID": "18433",
"BufferSize": "67",
"PacketData": "0x4801818000010002000000001673746F7265636174616C6F677265766F636174696F6E0C73746F72657175616C697479096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:20.956273-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "193.108.88.0",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "e10198.b.akamaiedge.NET.",
"QTYPE": "1",
"QXID": "18433",
"XID": "25433",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "52",
"PacketData": "0x6359000000010000000000010665313031393801620A616B616D616965646765034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{ECB58A4C-F3C9-40DC-8B70-33323A8F8499}",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:20.994037-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "193.108.88.0",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "e10198.b.akamaiedge.NET.",
"QTYPE": "1",
"XID": "25433",
"RecursionDepth": "3",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "380",
"PacketData": "0x63598000000100000008000B0665313031393801620A616B616D616965646765034E45540000010001C0130002000100000FA00006036E3562C015C0130002000100000FA00006036E3162C015C0130002000100000FA00006036E3662C015C0130002000100000FA00006036E3062C015C0130002000100000FA00006036E3462C015C0130002000100000FA00006036E3262C015C0130002000100000FA00006036E3762C015C0130002000100000FA00006036E3362C015C047001C000100000FA000102A0226F0005CF0000F325AA811E11363C0A10001000100000FA00004C6907307C06B0001000100000FA0000458DD51C0C0B30001000100000FA00004685BA705C0470001000100000FA00004685BA707C06B001C000100000FA0001026001480E800000000000000000000C0C08F0001000100000FA00004CC5D2EDDC07D0001000100000FA00004685BA706C0590001000100000FA00004685BA704C0350001000100000FA00004CC5D2EDE0000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{ECB58A4C-F3C9-40DC-8B70-33323A8F8499}",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:20.994207-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "104.91.167.7",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "e10198.b.akamaiedge.NET.",
"QTYPE": "1",
"QXID": "18433",
"XID": "59113",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "52",
"PacketData": "0xE6E9000000010000000000010665313031393801620A616B616D616965646765034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{ECB58A4C-F3C9-40DC-8B70-33323A8F8499}",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:21.012209-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "184.26.160.65",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "storecatalogrevocation.storequality.microsoft.com.edgekey.NET.",
"QTYPE": "28",
"XID": "63750",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "124",
"PacketData": "0xF906840000010001000000011673746F7265636174616C6F677265766F636174696F6E0C73746F72657175616C697479096D6963726F736F667403636F6D07656467656B6579034E455400001C0001C00C000500010000012C00160665313031393801620A616B616D616965646765C0460000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{BE37EDAD-CEDD-48DD-B62B-C06DB3249AB6}",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:09:21.012209-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "e10198.b.akamaiedge.net.",
"QTYPE": "28",
"Port": "57839",
"XID": "5339",
"BufferSize": "67",
"PacketData": "0x14DB818000010002000000001673746F7265636174616C6F677265766F636174696F6E0C73746F72657175616C697479096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:21.012303-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "104.91.167.4",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "e10198.b.akamaiedge.NET.",
"QTYPE": "28",
"QXID": "5339",
"XID": "21182",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "52",
"PacketData": "0x52BE000000010000000000010665313031393801620A616B616D616965646765034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{BE37EDAD-CEDD-48DD-B62B-C06DB3249AB6}",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:21.015030-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "104.91.167.7",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "e10198.b.akamaiedge.NET.",
"QTYPE": "1",
"XID": "59113",
"RecursionDepth": "4",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "68",
"PacketData": "0xE6E9840000010001000000010665313031393801620A616B616D616965646765034E45540000010001C00C00010001000000140004174FC1F60000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{ECB58A4C-F3C9-40DC-8B70-33323A8F8499}",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:09:21.015043-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "storecatalogrevocation.storequality.microsoft.com.",
"QTYPE": "1",
"XID": "18433",
"DNSSEC": "0",
"RCODE": "0",
"Port": "50813",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "192",
"PacketData": "0x4801818000010003000000001673746F7265636174616C6F677265766F636174696F6E0C73746F72657175616C697479096D6963726F736F667403636F6D0000010001C00C0005000100000E0F003F1673746F7265636174616C6F677265766F636174696F6E0C73746F72657175616C697479096D6963726F736F667403636F6D07656467656B6579036E657400C04F000500010000012B00160665313031393801620A616B616D616965646765C089C09A00010001000000130004174FC1F6",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "102",
"GUID": "{ECB58A4C-F3C9-40DC-8B70-33323A8F8499}",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:21.032993-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "104.91.167.4",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "e10198.b.akamaiedge.NET.",
"QTYPE": "28",
"XID": "21182",
"RecursionDepth": "3",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "113",
"PacketData": "0x52BE840000010000000100010665313031393801620A616B616D616965646765034E455400001C0001C01300060001000003E80031036E3062C0150A686F73746D617374657206616B616D616903636F6D00614406E1000003E8000003E8000003E8000007080000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{BE37EDAD-CEDD-48DD-B62B-C06DB3249AB6}",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:09:21.033055-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "storecatalogrevocation.storequality.microsoft.com.",
"QTYPE": "28",
"XID": "5339",
"DNSSEC": "0",
"RCODE": "0",
"Port": "57839",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "176",
"PacketData": "0x14DB818000010002000000001673746F7265636174616C6F677265766F636174696F6E0C73746F72657175616C697479096D6963726F736F667403636F6D00001C0001C00C0005000100000E0F003F1673746F7265636174616C6F677265766F636174696F6E0C73746F72657175616C697479096D6963726F736F667403636F6D07656467656B6579036E657400C04F000500010000012B00160665313031393801620A616B616D616965646765C089",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "120",
"GUID": "{BE37EDAD-CEDD-48DD-B62B-C06DB3249AB6}",
"EventReceivedTime": "2021-09-16T20:09:22.230063-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 516,
"Version": 0,
"ChannelID": 17,
"OpcodeValue": 0,
"TaskValue": 5,
"Keywords": "4611686018428436480",
"EventTime": "2021-09-16T20:09:22.953223-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 1556,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "WIN-93NOI1UVL29",
"AccountName": "Administrator",
"UserID": "S-1-5-21-3792008863-3761660533-1198677510-500",
"AccountType": "User",
"Flags": "EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",
"Type": "1",
"NAME": "router.example.com",
"TTL": "0",
"BufferSize": "4",
"RDATA": "0xC0A80101",
"Zone": "example.com",
"ZoneScope": "Default",
"VirtualizationID": ".",
"EventReceivedTime": "2021-09-16T20:09:23.964141-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:09:43.724538-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "settings-win.data.microsoft.com.",
"QTYPE": "1",
"XID": "25842",
"Port": "58205",
"BufferSize": "49",
"PacketData": "0x64F2010000010000000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{63DC22F3-2494-4CA4-8F11-A16ACA571CDD}",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:09:43.724562-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "settingsfd-geo.trafficmanager.net.",
"QTYPE": "1",
"Port": "58205",
"XID": "25842",
"BufferSize": "49",
"PacketData": "0x64F2818000010001000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:43.724707-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "settingsfd-geo.trafficmanager.NET.",
"QTYPE": "1",
"QXID": "25842",
"XID": "9640",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "62",
"PacketData": "0x25A8000000010000000000010E73657474696E677366642D67656F0E747261666669636D616E61676572034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{63DC22F3-2494-4CA4-8F11-A16ACA571CDD}",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:09:43.725117-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "settings-win.data.microsoft.com.",
"QTYPE": "28",
"XID": "14296",
"Port": "50813",
"BufferSize": "49",
"PacketData": "0x37D8010000010000000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{2578A533-BA90-442B-AD72-05D93500B019}",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:09:43.725129-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "settingsfd-geo.trafficmanager.net.",
"QTYPE": "28",
"Port": "50813",
"XID": "14296",
"BufferSize": "49",
"PacketData": "0x37D8818000010001000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:43.726382-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "settingsfd-geo.trafficmanager.NET.",
"QTYPE": "28",
"QXID": "14296",
"XID": "27900",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "62",
"PacketData": "0x6CFC000000010000000000010E73657474696E677366642D67656F0E747261666669636D616E61676572034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{2578A533-BA90-442B-AD72-05D93500B019}",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:43.757871-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "settingsfd-geo.trafficmanager.NET.",
"QTYPE": "1",
"XID": "9640",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "78",
"PacketData": "0x25A8842000010001000000010E73657474696E677366642D67656F0E747261666669636D616E61676572034E45540000010001C00C000100010000003C00041448CDD100002904D0000000000000",
"AdditionalInfo": ".",
"GUID": "{63DC22F3-2494-4CA4-8F11-A16ACA571CDD}",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:09:43.757937-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "settings-win.data.microsoft.com.",
"QTYPE": "1",
"XID": "25842",
"DNSSEC": "0",
"RCODE": "0",
"Port": "58205",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "112",
"PacketData": "0x64F2818000010002000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001C00C000500010000095C00230E73657474696E677366642D67656F0E747261666669636D616E61676572036E657400C03D000100010000003C00041448CDD1",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "33",
"GUID": "{63DC22F3-2494-4CA4-8F11-A16ACA571CDD}",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:43.758620-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "settingsfd-geo.trafficmanager.NET.",
"QTYPE": "28",
"XID": "27900",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "141",
"PacketData": "0x6CFC842000010000000100010E73657474696E677366642D67656F0E747261666669636D616E61676572034E455400001C00010E747261666669636D616E61676572036E657400000600010000001E003103746D3106646E732D746D03636F6D000A686F73746D6173746572C033070BEA85000003840000012C0024EA000000001E00002904D0000000000000",
"AdditionalInfo": ".",
"GUID": "{2578A533-BA90-442B-AD72-05D93500B019}",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:09:43.758655-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "settings-win.data.microsoft.com.",
"QTYPE": "28",
"XID": "14296",
"DNSSEC": "0",
"RCODE": "0",
"Port": "50813",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "96",
"PacketData": "0x37D8818000010001000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D00001C0001C00C000500010000095C00230E73657474696E677366642D67656F0E747261666669636D616E61676572036E657400",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "34",
"GUID": "{2578A533-BA90-442B-AD72-05D93500B019}",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:09:44.129231-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "adl.windows.com.",
"QTYPE": "1",
"XID": "33310",
"Port": "55747",
"BufferSize": "33",
"PacketData": "0x821E010000010000000000000361646C0777696E646F777303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{A9E2DA2B-D99B-4F24-8C17-15BB4F656C58}",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:44.129696-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2603:1061::cd",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "adl.windows.com.",
"QTYPE": "1",
"QXID": "33310",
"XID": "49407",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "44",
"PacketData": "0xC0FF000000010000000000010361646C0777696E646F777303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{A9E2DA2B-D99B-4F24-8C17-15BB4F656C58}",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:09:44.129942-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "adl.windows.com.",
"QTYPE": "28",
"XID": "65364",
"Port": "50813",
"BufferSize": "33",
"PacketData": "0xFF54010000010000000000000361646C0777696E646F777303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{3473797B-6081-4C67-822B-9E9DCA8EC5C9}",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:44.130008-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2603:1061::cd",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "adl.windows.com.",
"QTYPE": "28",
"QXID": "65364",
"XID": "51198",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "44",
"PacketData": "0xC7FE000000010000000000010361646C0777696E646F777303636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{3473797B-6081-4C67-822B-9E9DCA8EC5C9}",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:44.149863-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2603:1061::cd",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "adl.windows.com.",
"QTYPE": "1",
"XID": "49407",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "87",
"PacketData": "0xC0FF840000010001000000010361646C0777696E646F777303636F6D0000010001C00C0005000100000E10001F0361646C0777696E646F777303636F6D09656467657375697465036E65740000002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{A9E2DA2B-D99B-4F24-8C17-15BB4F656C58}",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:09:44.149890-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "adl.windows.com.edgesuite.net.",
"QTYPE": "1",
"Port": "55747",
"XID": "33310",
"BufferSize": "33",
"PacketData": "0x821E818000010001000000000361646C0777696E646F777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:44.149975-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "184.85.248.65",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "adl.windows.com.edgesuite.NET.",
"QTYPE": "1",
"QXID": "33310",
"XID": "62730",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "58",
"PacketData": "0xF50A000000010000000000010361646C0777696E646F777303636F6D09656467657375697465034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{A9E2DA2B-D99B-4F24-8C17-15BB4F656C58}",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:44.165914-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2603:1061::cd",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "adl.windows.com.",
"QTYPE": "28",
"XID": "51198",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "87",
"PacketData": "0xC7FE840000010001000000010361646C0777696E646F777303636F6D00001C0001C00C0005000100000E10001F0361646C0777696E646F777303636F6D09656467657375697465036E65740000002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{3473797B-6081-4C67-822B-9E9DCA8EC5C9}",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:09:44.165934-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "adl.windows.com.edgesuite.net.",
"QTYPE": "28",
"Port": "50813",
"XID": "65364",
"BufferSize": "33",
"PacketData": "0xFF54818000010001000000000361646C0777696E646F777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:44.166008-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "95.100.173.64",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "adl.windows.com.edgesuite.NET.",
"QTYPE": "28",
"QXID": "65364",
"XID": "21473",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "58",
"PacketData": "0x53E1000000010000000000010361646C0777696E646F777303636F6D09656467657375697465034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{3473797B-6081-4C67-822B-9E9DCA8EC5C9}",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:44.185725-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "95.100.173.64",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "adl.windows.com.edgesuite.NET.",
"QTYPE": "28",
"XID": "21473",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "88",
"PacketData": "0x53E1840000010001000000010361646C0777696E646F777303636F6D09656467657375697465034E455400001C0001C00C0005000100005460001205613139343302673206616B616D6169C0260000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{3473797B-6081-4C67-822B-9E9DCA8EC5C9}",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:09:44.185748-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "a1943.g2.akamai.net.",
"QTYPE": "28",
"Port": "50813",
"XID": "65364",
"BufferSize": "33",
"PacketData": "0xFF54818000010002000000000361646C0777696E646F777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:44.185953-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "96.7.49.193",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "a1943.g2.akamai.NET.",
"QTYPE": "28",
"QXID": "65364",
"XID": "38676",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "48",
"PacketData": "0x97140000000100000000000105613139343302673206616B616D6169034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{3473797B-6081-4C67-822B-9E9DCA8EC5C9}",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:44.187903-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "184.85.248.65",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "adl.windows.com.edgesuite.NET.",
"QTYPE": "1",
"XID": "62730",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "88",
"PacketData": "0xF50A840000010001000000010361646C0777696E646F777303636F6D09656467657375697465034E45540000010001C00C0005000100005460001205613139343302673206616B616D6169C0260000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{A9E2DA2B-D99B-4F24-8C17-15BB4F656C58}",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:09:44.187927-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "a1943.g2.akamai.net.",
"QTYPE": "1",
"Port": "55747",
"XID": "33310",
"BufferSize": "33",
"PacketData": "0x821E818000010002000000000361646C0777696E646F777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:44.188038-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2600:1406:32::c1",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "a1943.g2.akamai.NET.",
"QTYPE": "1",
"QXID": "33310",
"XID": "7948",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "48",
"PacketData": "0x1F0C0000000100000000000105613139343302673206616B616D6169034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{A9E2DA2B-D99B-4F24-8C17-15BB4F656C58}",
"EventReceivedTime": "2021-09-16T20:09:44.712121-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:44.206581-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "96.7.49.193",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "a1943.g2.akamai.NET.",
"QTYPE": "28",
"XID": "38676",
"RecursionDepth": "3",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "356",
"PacketData": "0x97148000000100000008000A05613139343302673206616B616D6169034E455400001C0001C0120002000100000FA00007046E376732C015C0120002000100000FA00007046E356732C015C0120002000100000FA00007046E346732C015C0120002000100000FA00007046E306732C015C0120002000100000FA00007046E336732C015C0120002000100000FA00007046E326732C015C0120002000100000FA00007046E366732C015C0120002000100000FA00007046E316732C015C0440001000100000FA000046866F09CC0310001000100000FA0000468724FBDC0570001000100000FA000049239FE86C06A001C000100000FA0001026001480E800000000000000000000C0C0900001000100000FA000049239FE85C07D0001000100000FA000046866F095C06A0001000100000FA0000458DD51C0C0B60001000100000FA000049239FE87C0A30001000100000FA000046866F08F0000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{3473797B-6081-4C67-822B-9E9DCA8EC5C9}",
"EventReceivedTime": "2021-09-16T20:09:44.727714-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:44.206837-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "146.57.254.134",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "a1943.g2.akamai.NET.",
"QTYPE": "28",
"QXID": "65364",
"XID": "43269",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "48",
"PacketData": "0xA9050000000100000000000105613139343302673206616B616D6169034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{3473797B-6081-4C67-822B-9E9DCA8EC5C9}",
"EventReceivedTime": "2021-09-16T20:09:44.727714-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:44.218164-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "146.57.254.134",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "a1943.g2.akamai.NET.",
"QTYPE": "28",
"XID": "43269",
"RecursionDepth": "4",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "110",
"PacketData": "0xA9058400000100000001000105613139343302673206616B616D6169034E455400001C0001C01200060001000003E80032046E306732C0150A686F73746D617374657206616B616D616903636F6D00614406F8000003E8000003E8000003E8000007080000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{3473797B-6081-4C67-822B-9E9DCA8EC5C9}",
"EventReceivedTime": "2021-09-16T20:09:44.727714-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:09:44.218338-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "adl.windows.com.",
"QTYPE": "28",
"XID": "65364",
"DNSSEC": "0",
"RCODE": "0",
"Port": "50813",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "106",
"PacketData": "0xFF54818000010002000000000361646C0777696E646F777303636F6D00001C0001C00C0005000100000E0F001F0361646C0777696E646F777303636F6D09656467657375697465036E657400C02D0005000100005460001205613139343302673206616B616D6169C047",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "88",
"GUID": "{3473797B-6081-4C67-822B-9E9DCA8EC5C9}",
"EventReceivedTime": "2021-09-16T20:09:44.727714-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:44.222525-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2600:1406:32::c1",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "a1943.g2.akamai.NET.",
"QTYPE": "1",
"XID": "7948",
"RecursionDepth": "3",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "356",
"PacketData": "0x1F0C8000000100000008000A05613139343302673206616B616D6169034E45540000010001C0120002000100000FA00007046E326732C015C0120002000100000FA00007046E346732C015C0120002000100000FA00007046E306732C015C0120002000100000FA00007046E316732C015C0120002000100000FA00007046E356732C015C0120002000100000FA00007046E366732C015C0120002000100000FA00007046E336732C015C0120002000100000FA00007046E376732C015C06A0001000100000FA000049239FE87C057001C000100000FA0001026001480E800000000000000000000C0C07D0001000100000FA000046866F09CC0900001000100000FA000046866F08FC0570001000100000FA0000458DD51C0C0A30001000100000FA000046866F095C0310001000100000FA000049239FE85C0B60001000100000FA0000468724FBDC0440001000100000FA000049239FE860000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{A9E2DA2B-D99B-4F24-8C17-15BB4F656C58}",
"EventReceivedTime": "2021-09-16T20:09:44.727714-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:44.223576-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "104.114.79.189",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "a1943.g2.akamai.NET.",
"QTYPE": "1",
"QXID": "33310",
"XID": "43723",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "48",
"PacketData": "0xAACB0000000100000000000105613139343302673206616B616D6169034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{A9E2DA2B-D99B-4F24-8C17-15BB4F656C58}",
"EventReceivedTime": "2021-09-16T20:09:44.727714-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:44.242176-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "104.114.79.189",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "a1943.g2.akamai.NET.",
"QTYPE": "1",
"XID": "43723",
"RecursionDepth": "4",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "80",
"PacketData": "0xAACB8400000100020000000105613139343302673206616B616D6169034E45540000010001C00C000100010000001400046866F049C00C000100010000001400046866F0580000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{A9E2DA2B-D99B-4F24-8C17-15BB4F656C58}",
"EventReceivedTime": "2021-09-16T20:09:44.727714-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:09:44.242415-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "adl.windows.com.",
"QTYPE": "1",
"XID": "33310",
"DNSSEC": "0",
"RCODE": "0",
"Port": "55747",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "138",
"PacketData": "0x821E818000010004000000000361646C0777696E646F777303636F6D0000010001C00C0005000100000E0F001F0361646C0777696E646F777303636F6D09656467657375697465036E657400C02D0005000100005460001205613139343302673206616B616D6169C047C058000100010000001300046866F049C058000100010000001300046866F058",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "114",
"GUID": "{A9E2DA2B-D99B-4F24-8C17-15BB4F656C58}",
"EventReceivedTime": "2021-09-16T20:09:44.727714-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:09:51.763032-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "f.b.8.9.f.b.4.d.3.5.b.7.3.a.8.b.a.2.8.0.0.0.4.4.2.4.4.0.1.0.6.2.ip6.arpa.",
"QTYPE": "12",
"XID": "1",
"Port": "52288",
"BufferSize": "90",
"PacketData": "0x0001010000010000000000000166016201380139016601620134016401330135016201370133016101380162016101320138013001300130013401340132013401340130013101300136013203697036046172706100000C0001",
"AdditionalInfo": ".",
"GUID": "{371CA9ED-CD3F-46AF-84F8-376E1B32B934}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:51.763165-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:503:ba3e::2:30",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "f.b.8.9.f.b.4.d.3.5.b.7.3.a.8.b.a.2.8.0.0.0.4.4.2.4.4.0.1.0.6.2.ip6.arpa.",
"QTYPE": "12",
"QXID": "1",
"XID": "36427",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "101",
"PacketData": "0x8E4B000000010000000000010166016201380139016601620134016401330135016201370133016101380162016101320138013001300130013401340132013401340130013101300136013203697036046172706100000C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{371CA9ED-CD3F-46AF-84F8-376E1B32B934}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:51.782625-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2001:503:ba3e::2:30",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "f.b.8.9.f.b.4.d.3.5.b.7.3.a.8.b.a.2.8.0.0.0.4.4.2.4.4.0.1.0.6.2.ip6.arpa.",
"QTYPE": "12",
"XID": "36427",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "909",
"PacketData": "0x8E4B800000010000000A000D0166016201380139016601620134016401330135016201370133016101380162016101320138013001300130013401340132013401340130013101300136013203697036046172706100000C0001C04C000200010002A300001001610B6970362D73657276657273C050C04C000200010002A30000040162C068C04C000200010002A30000040166C068C04C000200010002A30000040165C068C04C000200010002A30000040164C068C04C000200010002A30000040163C068C04C002B0001000151800024B0260802E6B54E0A20CE1EDBFCB6879C02F5782059CECB043A31D804A04AFA51AF01D5FBC04C002B0001000151800024FA3C08028A11501086330132BE2C23F22DEDF0634AD5FF668B4AA1988E172C6A2A4E5F7BC04C002B000100015180002436380802068554EFCB5861F42AF93EF8E79C442A86C16FC5652E6B6D2419ED527F344D17C04C002E0001000151800118002B0802000151806154FE006143CC70358F04617270610008E281AA9BC454845E4C34D880CA55499D4D83248D9E452AB5BEF1C18D83D2B7570000B85620208D251EDA5C9B80F4EFD50CF9454624F325460AB375C1E2C69E70D7816D76B8466CACBFC3595184AAC5AD04506D8022A3AD86370B526C405DF7D62D9BCB2B5309E56212AA4289B5CC548265645951DC2C9FEDD2A4663C81F911BC5BA9601E8D1F380C8CACE2F28F3B51F75BE0F12D9237DE51FF1B9D8D09198B7FEF5797634C8AF05FC4BD5800477A9888E39FA0262A77C47593C241FFE61F015DCC03B9532F8826F7FCBE70846A99F56F99A5B0E857AAB6C17B130C3A1472EFDBFF47712DA7051ECB889B5EA85108418BA4AC8ED7094D41BF50DC00E9847320C066000100010002A3000004C7B4B635C066001C00010002A300001026200037E00000000000000000000053C082000100010002A3000004C7FDB6B6C082001C00010002A300001020010500008600000000000000000086C092000100010002A3000004C1000902C092001C00010002A30000102001067C00E000000000000000000002C0A2000100010002A3000004CB775665C0A2001C00010002A300001020010DD8000600000000000000000101C0B2000100010002A3000004C8075635C0B2001C00010002A3000010200113C7701200000000000000000053C0C2000100010002A3000004C4D8A90BC0C2001C00010002A3000010200143F80110000000000000000000110000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{371CA9ED-CD3F-46AF-84F8-376E1B32B934}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:51.782783-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:13c7:7012::53",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "f.b.8.9.f.b.4.d.3.5.b.7.3.a.8.b.a.2.8.0.0.0.4.4.2.4.4.0.1.0.6.2.ip6.arpa.",
"QTYPE": "12",
"QXID": "1",
"XID": "17752",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "101",
"PacketData": "0x4558000000010000000000010166016201380139016601620134016401330135016201370133016101380162016101320138013001300130013401340132013401340130013101300136013203697036046172706100000C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{371CA9ED-CD3F-46AF-84F8-376E1B32B934}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:51.958954-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2001:13c7:7012::53",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "f.b.8.9.f.b.4.d.3.5.b.7.3.a.8.b.a.2.8.0.0.0.4.4.2.4.4.0.1.0.6.2.ip6.arpa.",
"QTYPE": "12",
"XID": "17752",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "454",
"PacketData": "0x4558800000010000000800010166016201380139016601620134016401330135016201370133016101380162016101320138013001300130013401340132013401340130013101300136013203697036046172706100000C0001013001360132036970360461727061000002000100015180000C0172046172696E036E657400C05A000200010001518000040179C076C05A00020001000151800004017AC076C05A000200010001518000040175C076C05A000200010001518000040178C076C05A00020001000151800017046172696E0761757468646E730472697065036E657400C05A002B00010001518000243D2D08024AC95E372E29678B92E3401AF45B5C2BA7F8EBCBA81968BE28D6C74466D18CD2C05A002E000100015180009C002B080500015180614CB7DA6130D359A810036970360461727061009A48E458E139DBE2397A8B56F83A21455E347442DFEE7E74B46B9C34CF53AA8FE3BA205CE56FCD8BC3E99B3BCAF6B0BC287394D14696E80AEB38A2ABC1CDF645AA2F5EA25784711474ABB5FFC1C556972315A855B6410BC884D0365A7A4F0707CC8A30CC68675A158C08CC88F3E81D9B0B0197090CEA8A4172DA6383FCB90DA60000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{371CA9ED-CD3F-46AF-84F8-376E1B32B934}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:51.959134-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:503:d414::30",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "r.arin.NET.",
"QTYPE": "1",
"QXID": "1",
"XID": "16927",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "39",
"PacketData": "0x421F000000010000000000010172046172696E034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:51.977966-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2001:503:d414::30",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "r.arin.NET.",
"QTYPE": "1",
"XID": "16927",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "528",
"PacketData": "0x421F800000010000000600090172046172696E034E45540000010001C00E000200010002A3000006036E7331C00EC00E000200010002A3000006036E7332C00EC00E000200010002A30000040175C00EC00E000200010002A3000006036E7333C00EC00E002B0001000151800024B8C6080202FF0A09A1A577854C2163EB32087159CA01A195106192929450DC3ED9435D1BC00E002E00010001518000B7002B080200015180614C13EE6142C906FF62036E657400A0EA922E1A674435540E6AD3FF5E7FFBD7FFCC3CA4AEC677A4D0B38DB010604EBFEA7C422C8BC7040909869E218D4A77D5EFBC031F15CA5679621C2804D7AA80A8080D8D306059222FA3C68C0BB304BD6D5D20D5927CE0692B1719FC6A0D96F0031272705C80146AAC90AD7E450D2598BC42787C4CAA5181C86EFD6A430D642F555C6CBB46CB16F7FD7DEEEE057E0F0C94805A0AD8B89F0B70267A6B75F11E83C028000100010002A3000004C7D4006CC028001C00010002A300001020010500001300000000000000000108C03A000100010002A3000004C747006CC03A001C00010002A300001020010500003100000000000000000108C04C001C00010002A3000010200105000014605000AD000000000001C04C000100010002A3000004CC3DD832C05C000100010002A3000004C7051A6CC05C001C00010002A30000102001050000A9000000000000000001080000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:51.978144-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "199.5.26.108",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "r.arin.NET.",
"QTYPE": "1",
"QXID": "1",
"XID": "62793",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "39",
"PacketData": "0xF549000000010000000000010172046172696E034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:52.142833-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "199.5.26.108",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "r.arin.NET.",
"QTYPE": "1",
"XID": "62793",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "233",
"PacketData": "0xF549840000010002000000010172046172696E034E455400000100010172046172696E036E657400000100010000A8C00004C7B4B43FC01C002E00010000A8C0009C000108030000A8C06155A6CD614323BD8952046172696E036E657400B027F70F1F25C60484AE6083FF6E3ECED457732D5ACE3B40C9F74A037AF6CA77BD517C0FD2274632CDDD94A8A6FBAE6AA90E48A8B2420345A787B71D65E8CDE43B96A95227A67DCBFB44FD23F11104297E887F63C71E00DA19DD0EACE0DA8D3A204D9DF9E46620ED8468BBFAFD8AE6DE00C8A001D29E8191CA7572BC543C505E0000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:52.142964-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "199.180.180.63",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "f.b.8.9.f.b.4.d.3.5.b.7.3.a.8.b.a.2.8.0.0.0.4.4.2.4.4.0.1.0.6.2.ip6.arpa.",
"QTYPE": "12",
"QXID": "1",
"XID": "5235",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "101",
"PacketData": "0x1473000000010000000000010166016201380139016601620134016401330135016201370133016101380162016101320138013001300130013401340132013401340130013101300136013203697036046172706100000C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{371CA9ED-CD3F-46AF-84F8-376E1B32B934}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:52.179146-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "199.180.180.63",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "f.b.8.9.f.b.4.d.3.5.b.7.3.a.8.b.a.2.8.0.0.0.4.4.2.4.4.0.1.0.6.2.ip6.arpa.",
"QTYPE": "12",
"XID": "5235",
"RecursionDepth": "3",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "433",
"PacketData": "0x1473800000010000000700010166016201380139016601620134016401330135016201370133016101380162016101320138013001300130013401340132013401340130013101300136013203697036046172706100000C0001C0420002000100015180001406646E7331303507636F6D63617374036E657400C0420002000100015180000906646E73313034C06DC0420002000100015180000906646E73313033C06DC0420002000100015180000906646E73313031C06DC0420002000100015180000906646E73313032C06DC042002F000100002A30001E013001300132013001360132036970360461727061000006200000000003C042002E000100002A3000A2002F080700002A3061566D5D6143EA4D2BD8013001360132036970360461727061000F376BF84A921AB8658022A4E48EBBEAD91A0D53E16D5516C0BD669F3784FF0C68C88503D52F4DBCE0050358A8B76BDB939F5A25480E23EFAE29373B09B11DAFDD140AF9E824B551D0A70926D573AD3478BE92F2B23010D746402AF1F5311956129EA578D1C45EB18D704BF49A97E055EA11181B6FC9D9A66F54CA7700F39F100000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{371CA9ED-CD3F-46AF-84F8-376E1B32B934}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:52.179292-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "192.31.80.30",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "dns105.comcast.NET.",
"QTYPE": "1",
"QXID": "1",
"XID": "37311",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "47",
"PacketData": "0x91BF0000000100000000000106646E7331303507636F6D63617374034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:52.216645-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "192.31.80.30",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "dns105.comcast.NET.",
"QTYPE": "1",
"XID": "37311",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "644",
"PacketData": "0x91BF8000000100000008000B06646E7331303507636F6D63617374034E45540000010001C013000200010002A300000906646E73313031C013C013000200010002A300000906646E73313032C013C013000200010002A300000906646E73313033C013C013000200010002A300000906646E73313034C013C013000200010002A3000002C00CC013002B00010001518000249FCD050230C0F50E68DCC9A2F279A994C07CF22CED97AADF44C2B1FE38A1B32BA1A34174C013002B00010001518000189FCD0501DDC19733884EE533B35B4B57717BEA9B0EF2C4D1C013002E00010001518000B7002B08020001518061496FBA614024D2FF62036E6574000C0D4D8D2844399C3CC75CEA9C7640781CCE71200BF65BC460467C0D78F796A2564D22BEB69755AB697D652830141F836532CBBF96BEC7F2C3DCAF8FC6B7A93AB5BE6615649074372B767FAF34620E8236C6CEDBAD46483A2BECE0B002C8F59F04319EFB4820C39DD9D333D41A7F659E7BF6ED2609F05F24B1FD7B8A68675658ACCB109ED364D97DE214108546466799E65D8116D43AFD1C4C23E16AE30BF4B5C030001C00010002A300001020010558FE2300080069025202500103C030000100010002A300000445FCFA67C045001C00010002A300001020010558100400070068008700850132C045000100010002A300000444575584C05A001C00010002A3000010200105581014000C0068008700760228C05A000100010002A300000444574CE4C06F001C00010002A300001020010558100A00050068008700680244C06F000100010002A3000004445744F4C00C001C00010002A300001020010558100E00050068008700720244C00C000100010002A3000004445748F40000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:52.216906-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:558:1004:7:68:87:85:132",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "dns105.comcast.NET.",
"QTYPE": "1",
"QXID": "1",
"XID": "37138",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "47",
"PacketData": "0x91120000000100000000000106646E7331303507636F6D63617374034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:52.243506-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2001:558:1004:7:68:87:85:132",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "dns105.comcast.NET.",
"QTYPE": "1",
"XID": "37138",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "234",
"PacketData": "0x91128400000100020000000106646E7331303507636F6D63617374034E45540000010001C00C0001000100001C200004445748F4C00C002E000100001C20009F0001050300001C2061532A47613CBF9B67B607636F6D63617374036E6574008D1374EF0EE61469F91046F3725D3FCD4CAC3F93DD92241DD1EC5A608FB2B2DFF4121DEEC0761A8C9E281E6234BE844C104D859F9F5643CD6499B548F818CA976DCD6ACF0A231AA51AA93C98958D3B8EDA4099D1C6883ED4A7AABB68002321DDF6E5595A76C31AFB3923F3A9CD7ED75F805ECF5FB60E86926AFC308168E108460000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:52.243658-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:558:100e:5:68:87:72:244",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "f.b.8.9.f.b.4.d.3.5.b.7.3.a.8.b.a.2.8.0.0.0.4.4.2.4.4.0.1.0.6.2.ip6.arpa.",
"QTYPE": "12",
"QXID": "1",
"XID": "58158",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "101",
"PacketData": "0xE32E000000010000000000010166016201380139016601620134016401330135016201370133016101380162016101320138013001300130013401340132013401340130013101300136013203697036046172706100000C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{371CA9ED-CD3F-46AF-84F8-376E1B32B934}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:52.261568-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33795",
"TCP": "0",
"Source": "2001:558:100e:5:68:87:72:244",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "f.b.8.9.f.b.4.d.3.5.b.7.3.a.8.b.a.2.8.0.0.0.4.4.2.4.4.0.1.0.6.2.ip6.arpa.",
"QTYPE": "12",
"XID": "58158",
"RecursionDepth": "4",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "182",
"PacketData": "0xE32E840300010000000100010166016201380139016601620134016401330135016201370133016101380162016101320138013001300130013401340132013401340130013101300136013203697036046172706100000C0001C0420006000100000384004506646E7331303107636F6D63617374036E65740009646E736D61737465720D636F6D636173746F6E6C696E6503636F6D00780C9EE200001C200000012C00093A80000003840000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{371CA9ED-CD3F-46AF-84F8-376E1B32B934}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:09:52.261629-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33155",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "f.b.8.9.f.b.4.d.3.5.b.7.3.a.8.b.a.2.8.0.0.0.4.4.2.4.4.0.1.0.6.2.ip6.arpa.",
"QTYPE": "12",
"XID": "1",
"DNSSEC": "0",
"RCODE": "3",
"Port": "52288",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "171",
"PacketData": "0x0001818300010000000100000166016201380139016601620134016401330135016201370133016101380162016101320138013001300130013401340132013401340130013101300136013203697036046172706100000C0001C0420006000100000383004506646E7331303107636F6D63617374036E65740009646E736D61737465720D636F6D636173746F6E6C696E6503636F6D00780C9EE200001C200000012C00093A8000000384",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "499",
"GUID": "{371CA9ED-CD3F-46AF-84F8-376E1B32B934}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:09:52.263280-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "cert.org.v6.example.com.",
"QTYPE": "1",
"XID": "2",
"Port": "52528",
"BufferSize": "41",
"PacketData": "0x0002010000010000000000000463657274036F7267027636076578616D706C6503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{95B8ED6F-07DF-440D-A88B-1CA44CA0B740}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:09:52.263364-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "1",
"AD": "0",
"QNAME": "cert.org.v6.example.com.",
"QTYPE": "1",
"XID": "2",
"DNSSEC": "0",
"RCODE": "3",
"Port": "52528",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "113",
"PacketData": "0x0002858300010000000100000463657274036F7267027636076578616D706C6503636F6D0000010001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001500000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{95B8ED6F-07DF-440D-A88B-1CA44CA0B740}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:09:52.263588-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "cert.org.v6.example.com.",
"QTYPE": "28",
"XID": "3",
"Port": "52581",
"BufferSize": "41",
"PacketData": "0x0003010000010000000000000463657274036F7267027636076578616D706C6503636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{D60C9A1F-E96E-4FEA-94D2-4B0F7A32ED56}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:09:52.263609-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "1",
"AD": "0",
"QNAME": "cert.org.v6.example.com.",
"QTYPE": "28",
"XID": "3",
"DNSSEC": "0",
"RCODE": "3",
"Port": "52581",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "113",
"PacketData": "0x0003858300010000000100000463657274036F7267027636076578616D706C6503636F6D00001C0001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001500000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{D60C9A1F-E96E-4FEA-94D2-4B0F7A32ED56}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:09:52.263739-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "cert.org.",
"QTYPE": "1",
"XID": "4",
"Port": "52582",
"BufferSize": "26",
"PacketData": "0x0004010000010000000000000463657274036F72670000010001",
"AdditionalInfo": ".",
"GUID": "{A83A2976-B485-4486-B333-4B756EB8DB35}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:52.263827-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "199.19.53.1",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "cert.org.",
"QTYPE": "1",
"QXID": "4",
"XID": "17678",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "37",
"PacketData": "0x450E000000010000000000010463657274036F726700000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{A83A2976-B485-4486-B333-4B756EB8DB35}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:52.381431-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "199.19.53.1",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "cert.org.",
"QTYPE": "1",
"XID": "17678",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "585",
"PacketData": "0x450E800000010000000600010463657274036F72670000010001C00C00020001000151800011036E73310373656903636D750365647500C00C00020001000151800006036E7332C02A203169383730766A3568343239766A39706369376172366539676B693734747237C0110032000100015180002B0101000A08332539EE7F95C32A140C907D989054FC4C24368D17E3C92EA2F87A23DD000722000000000290C049002E00010001518000970032080200015180615FB6706143F8E09B01036F726700A5F1F0689D5A1B6A578C4CA67A2341F3B7BEFD60D65EDFEE95C4A4BEE5248FC822E8E8E6880CC2DFE95B4387535F72ED654B0FB67540A942A16E03FD606E612B6A98B4DC2766B8AD59B29BA88124487A65041FCB7A85C7EA6AEDF216F1B9A66638EF0B43F2AF5AFF4EC7F8A7EAA8C5A397BBF50725A01F6466F1B9DFC75C7AB4206471346E706C626168756836397565716931706469313669346A6C616C686361C0BF0032000100015180002A0101000A08332539EE7F95C32A146E89B0BEE75A5095C4A6B628288EFEDA93B45C660006200000000012C144002E00010001518000970032080200015180615C6B1F6140AD8F9B01036F7267009743D87D868261BFC22148E36994C64B7FA5B644A6F738C2C2FDFAF2AE2E8F5D74A0B27D67CBAA7B30C3224D768A795D228A9198CC194ED342DB25F9862BB0142081F763E151D1DC3EF0F6DFD1AFD648DE85C9E1E6FD7BC7B72AD805836A310C142DCAF53782207103B259C5860F46CD626966913C7DD9F9D39CEC2867B5CE7100002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{A83A2976-B485-4486-B333-4B756EB8DB35}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:52.381607-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:7fe::53",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "ns1.sei.cmu.edu.",
"QTYPE": "1",
"QXID": "1",
"XID": "59186",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "44",
"PacketData": "0xE73200000001000000000001036E73310373656903636D750365647500000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:52.440751-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2001:7fe::53",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "ns1.sei.cmu.edu.",
"QTYPE": "1",
"XID": "59186",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "1177",
"PacketData": "0xE732800000010000000F001B036E73310373656903636D750365647500000100010365647500000200010002A300001301650B6564752D73657276657273036E657400C021000200010002A3000004016AC032C021000200010002A30000040168C032C021000200010002A3000004016CC032C021000200010002A30000040167C032C021000200010002A30000040166C032C021000200010002A30000040163C032C021000200010002A30000040162C032C021000200010002A30000040164C032C021000200010002A30000040161C032C021000200010002A3000004016DC032C021000200010002A30000040169C032C021000200010002A3000004016BC032C021002B00010001518000246DA108024172496CDE85534E51129040355BD04B1FCFEBAE996DFDDE652006F6F8B2CE76C021002E0001000151800113002B08010001518061549B9061436A0068D6006BD67759F56DBBE52610A966961A151C5D566FD472A1CDBB81B0125D26AF48774B640ED0AC866D5FC3C5CE60A941CC72B3CCFC7A10FFBD83C7D53F7CDD879EA475024A7C9946EA8464E9E486C713F79AD0D303461F0F01592EF709330D4B6280943CFEABBDD76B4BF152D6B650D0EDA29A7716DE25C0359B0553850B5D76A2F58483993AFBD9B4EC6CA95AB10A7E2BBD02076142AD2935ACB35BEF60FB1474A1C6F6384E1FB2FEF1A3A2A0B5F664D98D29AB13322C7E0E508E15660A88D292FEEF08594D8C3C51CB22C413DC46669DB10B2188C0492FCA76AC7E6F91603AB59C77A3C5699E3AC843C12D1501984694EC05586A83E8C64401D390031E63A3C1C5C0DF001C00010002A300001020010501B1F900000000000000000030C06F001C00010002A300001020010500D93700000000000000000030C0FF001C00010002A3000010200105030D2D00000000000000000030C04F001C00010002A300001020010502709400000000000000000030C0EF001C00010002A30000102001050339C100000000000000000030C05F001C00010002A30000102001050208CC00000000000000000030C07F001C00010002A300001020010503EEA300000000000000000030C08F001C00010002A300001020010503D41400000000000000000030C030001C00010002A3000010200105021CA100000000000000000030C0BF001C00010002A300001020010500856E00000000000000000030C09F001C00010002A30000102001050383EB00000000000000000030C0AF001C00010002A300001020010503231D00000000000000020030C0CF001C00010002A300001020010503A83E00000000000000020030C0DF000100010002A3000004C037531EC06F000100010002A3000004C029A21EC0FF000100010002A3000004C034B21EC04F000100010002A3000004C0304F1EC0EF000100010002A3000004C02BAC1EC05F000100010002A3000004C036701EC07F000100010002A3000004C02A5D1EC08F000100010002A3000004C023331EC030000100010002A3000004C00C5E1EC0BF000100010002A3000004C01F501EC09F000100010002A3000004C01A5C1EC0AF000100010002A3000004C0210E1EC0CF000100010002A3000004C005061E0000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:52.440938-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "192.54.112.30",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "ns1.sei.cmu.edu.",
"QTYPE": "1",
"QXID": "1",
"XID": "56168",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "44",
"PacketData": "0xDB6800000001000000000001036E73310373656903636D750365647500000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:52.463866-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "192.54.112.30",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "ns1.sei.cmu.edu.",
"QTYPE": "1",
"XID": "56168",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "446",
"PacketData": "0xDB6880000001000000060004036E73310373656903636D75036564750000010001C014000200010002A30000130C6E792D7365727665722D3033036E6574C014C014000200010002A300000A076E736175746831C03AC014000200010002A300000A076E736175746832C03AC014002B0001000151800018DBC30701585E955D36AB11A225E22B42E713C9BC8B0347B7C014002B0001000151800024DBC3070283F3EA220349ECD74852847F838121275FF28F3C0806B853133BCEF61E1D8205C014002E00010001518000B7002B080200015180614971826140269A93EC03656475004051CB48690907F42C0C8C4B69F39820E428BA999B16F0A418498DE4066A8DFB8BECA34128D0ADE61ED5C9076BDFFB7F575FD1A283941F19EBB21C8B1D13CC5B3F9ACCF4AA11553545874F15232C56FF2C5833BCBCDE6F158321A95FCB3D20F9B986AF021E57E258B93023AA96A42A5D879F4B855A627CB3788EF01DA06CD4A6157CA79E931B0F7275F273CB5B53A28AE5D2C753DF5935BC32DC293DF7FE4772C02D000100010002A300000426609304C04C000100010002A300000480020108C062000100010002A300000480ED94A80000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:52.463958-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "128.237.148.168",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "ns1.sei.cmu.edu.",
"QTYPE": "1",
"QXID": "1",
"XID": "34830",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "44",
"PacketData": "0x880E00000001000000000001036E73310373656903636D750365647500000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:52.504018-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "128.237.148.168",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "ns1.sei.cmu.edu.",
"QTYPE": "1",
"XID": "34830",
"RecursionDepth": "3",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "310",
"PacketData": "0x880E80000001000000040003036E73310373656903636D75036564750000010001C01000020001000151800002C00CC01000020001000151800006034E5332C010C010002F0001000054600017055345492D4103434D5503454455000006200000000003C010002E000100005460009B002F070300005460615443AD612CAA0A1B2303636D75036564750008D3395B8E15092CA239FE04DDAE1F6A9CD564A413DCAF8839564131F1EBE96DE096557E921C861F47D02E7ACF36D7DD724880FC4589D1EAE8C648863AE182A7511378793902FB29BC385E591AC7E9F44D5B43CEE94BE0395ECBA99FB0278C9BA54774FAB2C4E843C03AB1A99886F29E1BD3C257157F7ACA0C68E5810098D197C00C000100010001518000049348FC14C03B000100010001518000049348FC150000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:52.504134-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "147.72.252.21",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "ns1.sei.cmu.edu.",
"QTYPE": "1",
"QXID": "1",
"XID": "59602",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "44",
"PacketData": "0xE8D200000001000000000001036E73310373656903636D750365647500000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:52.538533-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "147.72.252.21",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "ns1.sei.cmu.edu.",
"QTYPE": "1",
"XID": "59602",
"RecursionDepth": "4",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "60",
"PacketData": "0xE8D284000001000100000001036E73310373656903636D75036564750000010001C00C0001000100000E1000049348FC140000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:52.538732-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "147.72.252.20",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "cert.org.",
"QTYPE": "1",
"QXID": "4",
"XID": "31185",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "37",
"PacketData": "0x79D1000000010000000000010463657274036F726700000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{A83A2976-B485-4486-B333-4B756EB8DB35}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:52.572863-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "147.72.252.20",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "cert.org.",
"QTYPE": "1",
"XID": "31185",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "53",
"PacketData": "0x79D1840000010001000000010463657274036F72670000010001C00C0001000100000E1000049348FCF20000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{A83A2976-B485-4486-B333-4B756EB8DB35}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:09:52.572918-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "cert.org.",
"QTYPE": "1",
"XID": "4",
"DNSSEC": "0",
"RCODE": "0",
"Port": "52582",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "42",
"PacketData": "0x0004818000010001000000000463657274036F72670000010001C00C0001000100000E1000049348FCF2",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "309",
"GUID": "{A83A2976-B485-4486-B333-4B756EB8DB35}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:09:52.575847-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "cert.org.",
"QTYPE": "28",
"XID": "5",
"Port": "52583",
"BufferSize": "26",
"PacketData": "0x0005010000010000000000000463657274036F726700001C0001",
"AdditionalInfo": ".",
"GUID": "{9100BDBA-09FD-4FFE-B641-CBDBCC610CBE}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:09:52.575937-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "147.72.252.20",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "cert.org.",
"QTYPE": "28",
"QXID": "5",
"XID": "60210",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "37",
"PacketData": "0xEB32000000010000000000010463657274036F726700001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{9100BDBA-09FD-4FFE-B641-CBDBCC610CBE}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:09:52.610451-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "147.72.252.20",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "cert.org.",
"QTYPE": "28",
"XID": "60210",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "110",
"PacketData": "0xEB32840000010000000100010463657274036F726700001C0001C00C0006000100000384003D0E6E732D677269642D6D61737465720373656903636D7503656475000A686F73746D6173746572C00C00004EFF000003840000012C00093A80000003840000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{9100BDBA-09FD-4FFE-B641-CBDBCC610CBE}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:09:52.610451-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "cert.org.",
"QTYPE": "28",
"XID": "5",
"DNSSEC": "0",
"RCODE": "0",
"Port": "52583",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "99",
"PacketData": "0x0005818000010000000100000463657274036F726700001C0001C00C0006000100000384003D0E6E732D677269642D6D61737465720373656903636D7503656475000A686F73746D6173746572C00C00004EFF000003840000012C00093A8000000384",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "35",
"GUID": "{9100BDBA-09FD-4FFE-B641-CBDBCC610CBE}",
"EventReceivedTime": "2021-09-16T20:09:52.753093-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:07.493875-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "telecommand.telemetry.microsoft.com.",
"QTYPE": "1",
"XID": "4310",
"Port": "58514",
"BufferSize": "53",
"PacketData": "0x10D6010000010000000000000B74656C65636F6D6D616E640974656C656D65747279096D6963726F736F667403636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{1C62FC5E-7321-42C3-BDBE-F381A79CF4A5}",
"EventReceivedTime": "2021-09-16T20:10:08.487104-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:10:07.493984-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "40.90.4.205",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "telecommand.telemetry.microsoft.com.",
"QTYPE": "1",
"QXID": "4310",
"XID": "48601",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "64",
"PacketData": "0xBDD9000000010000000000010B74656C65636F6D6D616E640974656C656D65747279096D6963726F736F667403636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{1C62FC5E-7321-42C3-BDBE-F381A79CF4A5}",
"EventReceivedTime": "2021-09-16T20:10:08.487104-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:07.494213-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "telecommand.telemetry.microsoft.com.",
"QTYPE": "28",
"XID": "50259",
"Port": "52288",
"BufferSize": "53",
"PacketData": "0xC453010000010000000000000B74656C65636F6D6D616E640974656C656D65747279096D6963726F736F667403636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{DBAB4AEA-2405-408F-A0D3-56D83E57EE56}",
"EventReceivedTime": "2021-09-16T20:10:08.487104-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:10:07.494296-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "40.90.4.205",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "telecommand.telemetry.microsoft.com.",
"QTYPE": "28",
"QXID": "50259",
"XID": "60888",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "64",
"PacketData": "0xEDD8000000010000000000010B74656C65636F6D6D616E640974656C656D65747279096D6963726F736F667403636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{DBAB4AEA-2405-408F-A0D3-56D83E57EE56}",
"EventReceivedTime": "2021-09-16T20:10:08.501910-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:10:07.514840-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "40.90.4.205",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "telecommand.telemetry.microsoft.com.",
"QTYPE": "1",
"XID": "48601",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "80",
"PacketData": "0xBDD9840000010001000000010B74656C65636F6D6D616E640974656C656D65747279096D6963726F736F667403636F6D0000010001C00C0001000100000E1000040D42FC7F00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{1C62FC5E-7321-42C3-BDBE-F381A79CF4A5}",
"EventReceivedTime": "2021-09-16T20:10:08.501910-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:10:07.515059-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "telecommand.telemetry.microsoft.com.",
"QTYPE": "1",
"XID": "4310",
"DNSSEC": "0",
"RCODE": "0",
"Port": "58514",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "69",
"PacketData": "0x10D6818000010001000000000B74656C65636F6D6D616E640974656C656D65747279096D6963726F736F667403636F6D0000010001C00C0001000100000E1000040D42FC7F",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "22",
"GUID": "{1C62FC5E-7321-42C3-BDBE-F381A79CF4A5}",
"EventReceivedTime": "2021-09-16T20:10:08.501910-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:10:07.524899-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "40.90.4.205",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "telecommand.telemetry.microsoft.com.",
"QTYPE": "28",
"XID": "60888",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "138",
"PacketData": "0xEDD8840000010000000100010B74656C65636F6D6D616E640974656C656D65747279096D6963726F736F667403636F6D00001C0001C022000600010000012C003E076E73312D32303509617A7572652D646E73C02C13617A757265646E732D686F73746D6173746572C0220000000100000E100000012C0024EA000000012C00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{DBAB4AEA-2405-408F-A0D3-56D83E57EE56}",
"EventReceivedTime": "2021-09-16T20:10:08.501910-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:10:07.525184-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "telecommand.telemetry.microsoft.com.",
"QTYPE": "28",
"XID": "50259",
"DNSSEC": "0",
"RCODE": "0",
"Port": "52288",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "127",
"PacketData": "0xC453818000010000000100000B74656C65636F6D6D616E640974656C656D65747279096D6963726F736F667403636F6D00001C0001C022000600010000012C003E076E73312D32303509617A7572652D646E73C02C13617A757265646E732D686F73746D6173746572C0220000000100000E100000012C0024EA000000012C",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "31",
"GUID": "{DBAB4AEA-2405-408F-A0D3-56D83E57EE56}",
"EventReceivedTime": "2021-09-16T20:10:08.501910-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:07.765828-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "ocsp.digicert.com.",
"QTYPE": "28",
"XID": "56828",
"Port": "61289",
"BufferSize": "35",
"PacketData": "0xDDFC01000001000000000000046F63737008646967696365727403636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{EAE93ED2-71FD-46B6-8EBA-FD484DAB0B7E}",
"EventReceivedTime": "2021-09-16T20:10:08.501910-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:10:07.765857-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "cs9.wac.phicdn.net.",
"QTYPE": "28",
"Port": "61289",
"XID": "56828",
"BufferSize": "35",
"PacketData": "0xDDFC81800001000100000000046F63737008646967696365727403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:10:08.501910-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:10:07.766143-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2606:2800:1::6",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "cs9.wac.phicdn.NET.",
"QTYPE": "28",
"QXID": "56828",
"XID": "43436",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "47",
"PacketData": "0xA9AC0000000100000000000103637339037761630670686963646E034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{EAE93ED2-71FD-46B6-8EBA-FD484DAB0B7E}",
"EventReceivedTime": "2021-09-16T20:10:08.501910-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:10:07.783883-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2606:2800:1::6",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "cs9.wac.phicdn.NET.",
"QTYPE": "28",
"XID": "43436",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "115",
"PacketData": "0xA9AC8400000100000001000103637339037761630670686963646E034E455400001C0001C01000060001000002580038036E73310B656467656361737463646EC01B036E6F6308656467656361737403636F6D00612EDC1C00000E100000025800093A800000025800002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{EAE93ED2-71FD-46B6-8EBA-FD484DAB0B7E}",
"EventReceivedTime": "2021-09-16T20:10:08.501910-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:10:07.783953-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "ocsp.digicert.com.",
"QTYPE": "28",
"XID": "56828",
"DNSSEC": "0",
"RCODE": "0",
"Port": "61289",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "67",
"PacketData": "0xDDFC81800001000100000000046F63737008646967696365727403636F6D00001C0001C00C0005000100004F8C001403637339037761630670686963646E036E657400",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "18",
"GUID": "{EAE93ED2-71FD-46B6-8EBA-FD484DAB0B7E}",
"EventReceivedTime": "2021-09-16T20:10:08.501910-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:26.551148-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "f.b.8.9.f.b.4.d.3.5.b.7.3.a.8.b.a.2.8.0.0.0.4.4.2.4.4.0.1.0.6.2.ip6.arpa.",
"QTYPE": "12",
"XID": "1",
"Port": "61290",
"BufferSize": "90",
"PacketData": "0x0001010000010000000000000166016201380139016601620134016401330135016201370133016101380162016101320138013001300130013401340132013401340130013101300136013203697036046172706100000C0001",
"AdditionalInfo": ".",
"GUID": "{122FD51C-9B3C-4543-924B-AA1084C5B295}",
"EventReceivedTime": "2021-09-16T20:10:27.556282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:10:26.551195-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33155",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "f.b.8.9.f.b.4.d.3.5.b.7.3.a.8.b.a.2.8.0.0.0.4.4.2.4.4.0.1.0.6.2.ip6.arpa.",
"QTYPE": "12",
"XID": "1",
"DNSSEC": "0",
"RCODE": "3",
"Port": "61290",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "171",
"PacketData": "0x0001818300010000000100000166016201380139016601620134016401330135016201370133016101380162016101320138013001300130013401340132013401340130013101300136013203697036046172706100000C0001C0420006000100000361004506646E7331303107636F6D63617374036E65740009646E736D61737465720D636F6D636173746F6E6C696E6503636F6D00780C9EE200001C200000012C00093A8000000384",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{122FD51C-9B3C-4543-924B-AA1084C5B295}",
"EventReceivedTime": "2021-09-16T20:10:27.556282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:26.551972-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "time.apple.com.v6.example.com.",
"QTYPE": "1",
"XID": "2",
"Port": "61291",
"BufferSize": "47",
"PacketData": "0x0002010000010000000000000474696D65056170706C6503636F6D027636076578616D706C6503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{0C3CC680-43CA-499E-A2D8-88966614CCFC}",
"EventReceivedTime": "2021-09-16T20:10:27.556282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:10:26.552000-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "1",
"AD": "0",
"QNAME": "time.apple.com.v6.example.com.",
"QTYPE": "1",
"XID": "2",
"DNSSEC": "0",
"RCODE": "3",
"Port": "61291",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "119",
"PacketData": "0x0002858300010000000100000474696D65056170706C6503636F6D027636076578616D706C6503636F6D0000010001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001500000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{0C3CC680-43CA-499E-A2D8-88966614CCFC}",
"EventReceivedTime": "2021-09-16T20:10:27.556282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:26.552147-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "time.apple.com.v6.example.com.",
"QTYPE": "28",
"XID": "3",
"Port": "61292",
"BufferSize": "47",
"PacketData": "0x0003010000010000000000000474696D65056170706C6503636F6D027636076578616D706C6503636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{C8DAA95C-A5A5-4E4C-B0EC-43308780EC2C}",
"EventReceivedTime": "2021-09-16T20:10:27.556282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:10:26.552147-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "1",
"AD": "0",
"QNAME": "time.apple.com.v6.example.com.",
"QTYPE": "28",
"XID": "3",
"DNSSEC": "0",
"RCODE": "3",
"Port": "61292",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "119",
"PacketData": "0x0003858300010000000100000474696D65056170706C6503636F6D027636076578616D706C6503636F6D00001C0001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001500000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{C8DAA95C-A5A5-4E4C-B0EC-43308780EC2C}",
"EventReceivedTime": "2021-09-16T20:10:27.556282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:26.552148-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "time.apple.com.",
"QTYPE": "1",
"XID": "4",
"Port": "61293",
"BufferSize": "32",
"PacketData": "0x0004010000010000000000000474696D65056170706C6503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{CC372B07-F85C-4256-902A-C46DAF81C516}",
"EventReceivedTime": "2021-09-16T20:10:27.556282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:10:26.552238-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "192.55.83.30",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "time.apple.com.",
"QTYPE": "1",
"QXID": "4",
"XID": "5017",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "43",
"PacketData": "0x1399000000010000000000010474696D65056170706C6503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{CC372B07-F85C-4256-902A-C46DAF81C516}",
"EventReceivedTime": "2021-09-16T20:10:27.556282-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:10:26.594327-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "192.55.83.30",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "time.apple.com.",
"QTYPE": "1",
"XID": "5017",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "779",
"PacketData": "0x1399800000010000000800070474696D65056170706C6503636F6D0000010001C011000200010002A30000070161026E73C011C011000200010002A30000040162C02EC011000200010002A30000040163C02EC011000200010002A30000040164C02E20434B30504F4A4D473837344C4A5245463745464E38343330515649543842534DC017003200010001518000230101000000146501A0C25720EE156F6C4E39636B3ADA0312D92A000722000000000290C063002E00010001518000B7003208020001518061495E696140138199AF03636F6D0073D49C969AD112E1F52C00137560047BE57A0C63D266917DED0C9A551F1942FF5A835C70F318B7C1EC6363C09CA90BC736EB8345EA6F090394D2675E2DD1E0CEC5ED70EADAD937CA6CC54F1A48BA6BE6ED4985DC52360CD72D6C33AB6A67D91A22530A0F796FA8CD809D5DFD4EDA95D33C8A5BF1A724B9CB9248BFE875C054CB318444F00A1E1D5AE0EB39B04D9810FF639A4962C6AEB971DC01E12935F5E6552053304E553335534442374B334A385133544A4C5636383734414A30353849314FC01700320001000151800022010100000014E02FE4D9ECF8741BF17656756F0227B46E43CDBD0006200000000012C176002E00010001518000B70032080200015180614966A061401BB899AF03636F6D007260EFDAADB2CF1155321C48C77D0650A5511D1FEA84816036322EA0F6CE29A5755AA07DC3B234D77F4BEEFB09CB0DA9E4992823F000459309B855E7B17D1121C4E7BEC3C78C739E4744F281E10D05FD93C61398D8EECF10BB9789EEC0C76CDCC0DC9C22B7010C8771CD46AAFF45A8598DCDCD289F369DF37729B52F2AEA60072CCF4A812EADB75A4A4FBF4739B7D3D68695BDDDE7F42F260B148884E5E51074C02C000100010002A300000411FDC801C03F000100010002A300000411FDCF01C04F000100010002A3000004CC137701C04F001C00010002A300001026200171080007140000000000000001C05F000100010002A3000004CC1A3901C05F001C00010002A3000010262001710801071400000000000000010000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{CC372B07-F85C-4256-902A-C46DAF81C516}",
"EventReceivedTime": "2021-09-16T20:10:27.571884-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:10:26.594567-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2620:171:800:714::1",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "time.apple.com.",
"QTYPE": "1",
"QXID": "4",
"XID": "55771",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "43",
"PacketData": "0xD9DB000000010000000000010474696D65056170706C6503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{CC372B07-F85C-4256-902A-C46DAF81C516}",
"EventReceivedTime": "2021-09-16T20:10:27.571884-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:10:26.612590-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2620:171:800:714::1",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "time.apple.com.",
"QTYPE": "1",
"XID": "55771",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "113",
"PacketData": "0xD9DB840000010001000200010474696D65056170706C6503636F6D0000010001C00C0005000100001C2000150874696D652D6F73780167076161706C696D67C017C0350002000100000E10000901610467736C62C037C0350002000100000E1000040162C04F00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{CC372B07-F85C-4256-902A-C46DAF81C516}",
"EventReceivedTime": "2021-09-16T20:10:27.571884-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:10:26.612603-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "time-osx.g.aaplimg.com.",
"QTYPE": "1",
"Port": "61293",
"XID": "4",
"BufferSize": "32",
"PacketData": "0x0004818000010001000000000474696D65056170706C6503636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:10:27.571884-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:10:26.612726-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "192.12.94.30",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "time-osx.g.aaplimg.com.",
"QTYPE": "1",
"QXID": "4",
"XID": "47010",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "51",
"PacketData": "0xB7A2000000010000000000010874696D652D6F73780167076161706C696D6703636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{CC372B07-F85C-4256-902A-C46DAF81C516}",
"EventReceivedTime": "2021-09-16T20:10:27.571884-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:10:26.650977-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "192.12.94.30",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "time-osx.g.aaplimg.com.",
"QTYPE": "1",
"XID": "47010",
"RecursionDepth": "3",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "793",
"PacketData": "0xB7A2800000010000000800070874696D652D6F73780167076161706C696D6703636F6D0000010001C017000200010002A300000D0161026E73056170706C65C01FC017000200010002A30000040162C036C017000200010002A30000040163C036C017000200010002A30000040164C03620434B30504F4A4D473837344C4A5245463745464E38343330515649543842534DC01F003200010001518000230101000000146501A0C25720EE156F6C4E39636B3ADA0312D92A000722000000000290C071002E00010001518000B7003208020001518061495E696140138199AF03636F6D0073D49C969AD112E1F52C00137560047BE57A0C63D266917DED0C9A551F1942FF5A835C70F318B7C1EC6363C09CA90BC736EB8345EA6F090394D2675E2DD1E0CEC5ED70EADAD937CA6CC54F1A48BA6BE6ED4985DC52360CD72D6C33AB6A67D91A22530A0F796FA8CD809D5DFD4EDA95D33C8A5BF1A724B9CB9248BFE875C054CB318444F00A1E1D5AE0EB39B04D9810FF639A4962C6AEB971DC01E12935F5E6552039374B523235514A3242303648424E4B544E3749524152544A5643504D394B53C01F0032000100015180002201010000001449E9C29B34362D256764445A737082E8B1D4B9AA0006200000000012C184002E00010001518000B70032080200015180614AB492614169AA99AF03636F6D00848AB58F663735DE67EDDBAFBAF62419533DEAFF95F499E9CD960171E2152E0B048E8343BA09831D31DC70B9D5BF9DA3D6C5D597A6F64228F62F42BEF0F6B88C19658ECEA554AE0189D4561D501D231F54310CF210DF58D3FDFE28BF25489892AB4AF0AB331F964CBD4D921D515A36E22B05FA99D96C3D0239A43F0150B123377EDEA03A943FE738B90784943391A6E8046D81058C50E6805A7F0ED92A903155C034000100010002A300000411FDC801C04D000100010002A300000411FDCF01C05D000100010002A3000004CC137701C05D001C00010002A300001026200171080007140000000000000001C06D000100010002A3000004CC1A3901C06D001C00010002A3000010262001710801071400000000000000010000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{CC372B07-F85C-4256-902A-C46DAF81C516}",
"EventReceivedTime": "2021-09-16T20:10:27.571884-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:10:26.651172-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2620:171:801:714::1",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "time-osx.g.aaplimg.com.",
"QTYPE": "1",
"QXID": "4",
"XID": "60077",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "51",
"PacketData": "0xEAAD000000010000000000010874696D652D6F73780167076161706C696D6703636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{CC372B07-F85C-4256-902A-C46DAF81C516}",
"EventReceivedTime": "2021-09-16T20:10:27.571884-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:10:26.686702-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2620:171:801:714::1",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "time-osx.g.aaplimg.com.",
"QTYPE": "1",
"XID": "60077",
"RecursionDepth": "4",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "88",
"PacketData": "0xEAAD800000010000000200010874696D652D6F73780167076161706C696D6703636F6D0000010001C0150002000100000E10000901610467736C62C017C0150002000100000E1000040162C03600002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{CC372B07-F85C-4256-902A-C46DAF81C516}",
"EventReceivedTime": "2021-09-16T20:10:27.571884-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:10:26.687751-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "17.253.207.1",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "a.gslb.aaplimg.com.",
"QTYPE": "1",
"QXID": "1",
"XID": "35596",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "47",
"PacketData": "0x8B0C0000000100000000000101610467736C62076161706C696D6703636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:10:27.571884-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:10:26.708120-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "17.253.207.1",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "a.gslb.aaplimg.com.",
"QTYPE": "1",
"XID": "35596",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "136",
"PacketData": "0x8B0C8400000100010004000101610467736C62076161706C696D6703636F6D0000010001C00C0001000100015180000411FDC908C00E0002000100015180000D0162026E73056170706C65C01BC00E000200010001518000040161C042C00E000200010001518000040163C042C00E000200010001518000040164C04200002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:10:27.571884-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:10:26.708857-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "17.253.201.8",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "time-osx.g.aaplimg.com.",
"QTYPE": "1",
"QXID": "4",
"XID": "19567",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "51",
"PacketData": "0x4C6F000000010000000000010874696D652D6F73780167076161706C696D6703636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{CC372B07-F85C-4256-902A-C46DAF81C516}",
"EventReceivedTime": "2021-09-16T20:10:27.571884-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:10:26.728253-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "17.253.201.8",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "time-osx.g.aaplimg.com.",
"QTYPE": "1",
"XID": "19567",
"RecursionDepth": "5",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "131",
"PacketData": "0x4C6F840000010005000000010874696D652D6F73780167076161706C696D6703636F6D0000010001C00C0001000100000384000411FD147DC00C0001000100000384000411FD18FDC00C0001000100000384000411FD187DC00C0001000100000384000411FD027DC00C0001000100000384000411FD02FD00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{CC372B07-F85C-4256-902A-C46DAF81C516}",
"EventReceivedTime": "2021-09-16T20:10:27.588543-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:10:26.728484-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "time.apple.com.",
"QTYPE": "1",
"XID": "4",
"DNSSEC": "0",
"RCODE": "0",
"Port": "61293",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "145",
"PacketData": "0x0004818000010006000000000474696D65056170706C6503636F6D0000010001C00C0005000100001C2000150874696D652D6F73780167076161706C696D67C017C02C0001000100000384000411FD147DC02C0001000100000384000411FD18FDC02C0001000100000384000411FD187DC02C0001000100000384000411FD027DC02C0001000100000384000411FD02FD",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "176",
"GUID": "{CC372B07-F85C-4256-902A-C46DAF81C516}",
"EventReceivedTime": "2021-09-16T20:10:27.588543-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:26.748601-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "time.apple.com.",
"QTYPE": "28",
"XID": "5",
"Port": "61294",
"BufferSize": "32",
"PacketData": "0x0005010000010000000000000474696D65056170706C6503636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{360B0090-79BD-4DA0-85FE-EC6CE4D20913}",
"EventReceivedTime": "2021-09-16T20:10:27.588543-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:10:26.748645-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "time-osx.g.aaplimg.com.",
"QTYPE": "28",
"Port": "61294",
"XID": "5",
"BufferSize": "32",
"PacketData": "0x0005818000010001000000000474696D65056170706C6503636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:10:27.588543-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:10:26.748827-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "17.253.201.8",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "time-osx.g.aaplimg.com.",
"QTYPE": "28",
"QXID": "5",
"XID": "25884",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "51",
"PacketData": "0x651C000000010000000000010874696D652D6F73780167076161706C696D6703636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{360B0090-79BD-4DA0-85FE-EC6CE4D20913}",
"EventReceivedTime": "2021-09-16T20:10:27.588543-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:10:26.767883-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "17.253.201.8",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "time-osx.g.aaplimg.com.",
"QTYPE": "28",
"XID": "25884",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "111",
"PacketData": "0x651C840000010000000100010874696D652D6F73780167076161706C696D6703636F6D00001C0001C00C000600010000012C003001610467736C62C0170A686F73746D6173746572056170706C65C01F6143C3C3000007080000012C0000EC400000012C00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{360B0090-79BD-4DA0-85FE-EC6CE4D20913}",
"EventReceivedTime": "2021-09-16T20:10:27.588543-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:10:26.768036-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "time.apple.com.",
"QTYPE": "28",
"XID": "5",
"DNSSEC": "0",
"RCODE": "0",
"Port": "61294",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "65",
"PacketData": "0x0005818000010001000000000474696D65056170706C6503636F6D00001C0001C00C0005000100001C2000150874696D652D6F73780167076161706C696D67C017",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "19",
"GUID": "{360B0090-79BD-4DA0-85FE-EC6CE4D20913}",
"EventReceivedTime": "2021-09-16T20:10:27.588543-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:43.670922-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "1",
"XID": "11385",
"Port": "53830",
"BufferSize": "44",
"PacketData": "0x2C7901000001000000000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{2343574F-C4FC-49CE-99E9-80934D0FBBD3}",
"EventReceivedTime": "2021-09-16T20:10:44.682718-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:10:43.671686-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "162.159.0.33",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "1",
"QXID": "11385",
"XID": "61390",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "55",
"PacketData": "0xEFCE00000001000000000001076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{2343574F-C4FC-49CE-99E9-80934D0FBBD3}",
"EventReceivedTime": "2021-09-16T20:10:44.682718-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:43.672018-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "28",
"XID": "5653",
"Port": "53830",
"BufferSize": "44",
"PacketData": "0x161501000001000000000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{A6DEB45A-52C3-46D0-A5CC-4C6B1B8FDCAA}",
"EventReceivedTime": "2021-09-16T20:10:44.682718-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:10:43.673385-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "162.159.0.33",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "28",
"QXID": "5653",
"XID": "30129",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "55",
"PacketData": "0x75B100000001000000000001076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{A6DEB45A-52C3-46D0-A5CC-4C6B1B8FDCAA}",
"EventReceivedTime": "2021-09-16T20:10:44.682718-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:10:43.687018-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "162.159.0.33",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "1",
"XID": "61390",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "201",
"PacketData": "0xEFCE84000001000300000001076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D0000010001C00C000100010000012C00046810F8F9C00C000100010000012C00046810F9F9C00C002E00010000012C006600010D030000012C614566AE6142A78E86C90E636C6F7564666C6172652D646E7303636F6D009F7FF7058FBDD2DBE230BCFA51B164D783D134BD1F91FC0290B72790F56161BC6FE4D7D90E547E4A8784672C6FC62FC79CD9FD7387A9619B684AF0B8C160CA3B00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{2343574F-C4FC-49CE-99E9-80934D0FBBD3}",
"EventReceivedTime": "2021-09-16T20:10:44.682718-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:10:43.689032-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "1",
"XID": "11385",
"DNSSEC": "0",
"RCODE": "0",
"Port": "53830",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "76",
"PacketData": "0x2C7981800001000200000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D0000010001C00C000100010000012C00046810F8F9C00C000100010000012C00046810F9F9",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "17",
"GUID": "{2343574F-C4FC-49CE-99E9-80934D0FBBD3}",
"EventReceivedTime": "2021-09-16T20:10:44.682718-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:10:43.689176-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "162.159.0.33",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "28",
"XID": "30129",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "225",
"PacketData": "0x75B184000001000300000001076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D00001C0001C00C001C00010000012C00102606470000000000000000006810F9F9C00C001C00010000012C00102606470000000000000000006810F8F9C00C002E00010000012C0066001C0D030000012C614566B86142A79886C90E636C6F7564666C6172652D646E7303636F6D00AE8BF7D30D94C45F7818FB13590B0AC5ADC3FDC4298F78B00D00A9482F1C09D77AC389C79A42E70C18FB126E86DE305A59538B44B99E185E9193708CF8E457CF00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{A6DEB45A-52C3-46D0-A5CC-4C6B1B8FDCAA}",
"EventReceivedTime": "2021-09-16T20:10:44.682718-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:10:43.689699-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "28",
"XID": "5653",
"DNSSEC": "0",
"RCODE": "0",
"Port": "53830",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "100",
"PacketData": "0x161581800001000200000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D00001C0001C00C001C00010000012C00102606470000000000000000006810F9F9C00C001C00010000012C00102606470000000000000000006810F8F9",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "18",
"GUID": "{A6DEB45A-52C3-46D0-A5CC-4C6B1B8FDCAA}",
"EventReceivedTime": "2021-09-16T20:10:44.682718-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:44.911377-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "wpad.v6.example.com.",
"QTYPE": "1",
"XID": "59488",
"Port": "55998",
"BufferSize": "37",
"PacketData": "0xE860010000010000000000000477706164027636076578616D706C6503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{56C05A4B-380F-4B83-A5DF-9B810DF860F0}",
"EventReceivedTime": "2021-09-16T20:10:45.697572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:10:44.911990-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "1",
"AD": "0",
"QNAME": "wpad.v6.example.com.",
"QTYPE": "1",
"XID": "59488",
"DNSSEC": "0",
"RCODE": "3",
"Port": "55998",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "109",
"PacketData": "0xE860858300010000000100000477706164027636076578616D706C6503636F6D0000010001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001500000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{56C05A4B-380F-4B83-A5DF-9B810DF860F0}",
"EventReceivedTime": "2021-09-16T20:10:45.697572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:44.912689-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "wpad.v6.example.com.",
"QTYPE": "28",
"XID": "56391",
"Port": "58284",
"BufferSize": "37",
"PacketData": "0xDC47010000010000000000000477706164027636076578616D706C6503636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{21385A99-9F55-4595-BF95-03E5608EDA51}",
"EventReceivedTime": "2021-09-16T20:10:45.697572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:10:44.912773-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "1",
"AD": "0",
"QNAME": "wpad.v6.example.com.",
"QTYPE": "28",
"XID": "56391",
"DNSSEC": "0",
"RCODE": "3",
"Port": "58284",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "109",
"PacketData": "0xDC47858300010000000100000477706164027636076578616D706C6503636F6D00001C0001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001500000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{21385A99-9F55-4595-BF95-03E5608EDA51}",
"EventReceivedTime": "2021-09-16T20:10:45.697572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:52.380197-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "nxlogmgr.example.com.",
"QTYPE": "1",
"XID": "8693",
"Port": "44906",
"BufferSize": "38",
"PacketData": "0x21F501000001000000000000086E786C6F676D6772076578616D706C6503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{FBE28A56-638A-465F-A366-E89C54384CA7}",
"EventReceivedTime": "2021-09-16T20:10:53.384883-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:10:52.380867-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "1",
"AD": "0",
"QNAME": "nxlogmgr.example.com.",
"QTYPE": "1",
"XID": "8693",
"DNSSEC": "0",
"RCODE": "3",
"Port": "44906",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "110",
"PacketData": "0x21F585830001000000010000086E786C6F676D6772076578616D706C6503636F6D0000010001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001500000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{FBE28A56-638A-465F-A366-E89C54384CA7}",
"EventReceivedTime": "2021-09-16T20:10:53.384883-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:52.380910-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "nxlogmgr.example.com.",
"QTYPE": "28",
"XID": "31180",
"Port": "44906",
"BufferSize": "38",
"PacketData": "0x79CC01000001000000000000086E786C6F676D6772076578616D706C6503636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{3728C63F-973D-41A6-80C4-6ADD758569B1}",
"EventReceivedTime": "2021-09-16T20:10:53.384883-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:10:52.381009-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "1",
"AD": "0",
"QNAME": "nxlogmgr.example.com.",
"QTYPE": "28",
"XID": "31180",
"DNSSEC": "0",
"RCODE": "3",
"Port": "44906",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "110",
"PacketData": "0x79CC85830001000000010000086E786C6F676D6772076578616D706C6503636F6D00001C0001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001500000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{3728C63F-973D-41A6-80C4-6ADD758569B1}",
"EventReceivedTime": "2021-09-16T20:10:53.384883-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:52.381736-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "nxlogmgr.",
"QTYPE": "1",
"XID": "46227",
"Port": "48929",
"BufferSize": "26",
"PacketData": "0xB49301000001000000000000086E786C6F676D67720000010001",
"AdditionalInfo": ".",
"GUID": "{EF27E835-EFC6-4256-AB4D-D3456CD99CE6}",
"EventReceivedTime": "2021-09-16T20:10:53.384883-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 258,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775812",
"EventTime": "2021-09-16T20:10:52.381950-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "ERROR",
"SeverityValue": 4,
"Severity": "ERROR",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33154",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Reason": "Single Label",
"Destination": "192.168.1.7",
"QNAME": "nxlogmgr.",
"QTYPE": "1",
"XID": "46227",
"RCODE": "2",
"Port": "48929",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "26",
"PacketData": "0xB49381820001000000000000086E786C6F676D67720000010001",
"AdditionalInfo": ".",
"ElapsedTime": "0",
"GUID": "{EF27E835-EFC6-4256-AB4D-D3456CD99CE6}",
"EventReceivedTime": "2021-09-16T20:10:53.384883-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:52.382015-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "nxlogmgr.",
"QTYPE": "28",
"XID": "17049",
"Port": "48929",
"BufferSize": "26",
"PacketData": "0x429901000001000000000000086E786C6F676D677200001C0001",
"AdditionalInfo": ".",
"GUID": "{BB1D286A-9070-4607-B17A-E3A7BDFEA810}",
"EventReceivedTime": "2021-09-16T20:10:53.384883-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 258,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775812",
"EventTime": "2021-09-16T20:10:52.382590-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "ERROR",
"SeverityValue": 4,
"Severity": "ERROR",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33154",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Reason": "Single Label",
"Destination": "192.168.1.7",
"QNAME": "nxlogmgr.",
"QTYPE": "28",
"XID": "17049",
"RCODE": "2",
"Port": "48929",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "26",
"PacketData": "0x429981820001000000000000086E786C6F676D677200001C0001",
"AdditionalInfo": ".",
"ElapsedTime": "0",
"GUID": "{BB1D286A-9070-4607-B17A-E3A7BDFEA810}",
"EventReceivedTime": "2021-09-16T20:10:53.384883-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:52.417210-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "nxlogmgr.example.com.",
"QTYPE": "1",
"XID": "51747",
"Port": "44127",
"BufferSize": "38",
"PacketData": "0xCA2301000001000000000000086E786C6F676D6772076578616D706C6503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{9C35DDBD-BCEF-4F3C-9F49-F95C5F79F137}",
"EventReceivedTime": "2021-09-16T20:10:53.384883-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:10:52.417312-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "1",
"AD": "0",
"QNAME": "nxlogmgr.example.com.",
"QTYPE": "1",
"XID": "51747",
"DNSSEC": "0",
"RCODE": "3",
"Port": "44127",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "110",
"PacketData": "0xCA2385830001000000010000086E786C6F676D6772076578616D706C6503636F6D0000010001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001500000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{9C35DDBD-BCEF-4F3C-9F49-F95C5F79F137}",
"EventReceivedTime": "2021-09-16T20:10:53.384883-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:52.417334-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "nxlogmgr.example.com.",
"QTYPE": "28",
"XID": "33336",
"Port": "44127",
"BufferSize": "38",
"PacketData": "0x823801000001000000000000086E786C6F676D6772076578616D706C6503636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{1C0A86C3-6144-41E8-B9E1-47A09E18054D}",
"EventReceivedTime": "2021-09-16T20:10:53.384883-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:10:52.417830-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "1",
"AD": "0",
"QNAME": "nxlogmgr.example.com.",
"QTYPE": "28",
"XID": "33336",
"DNSSEC": "0",
"RCODE": "3",
"Port": "44127",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "110",
"PacketData": "0x823885830001000000010000086E786C6F676D6772076578616D706C6503636F6D00001C0001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001500000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{1C0A86C3-6144-41E8-B9E1-47A09E18054D}",
"EventReceivedTime": "2021-09-16T20:10:53.384883-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:52.417871-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "nxlogmgr.",
"QTYPE": "1",
"XID": "62944",
"Port": "57107",
"BufferSize": "26",
"PacketData": "0xF5E001000001000000000000086E786C6F676D67720000010001",
"AdditionalInfo": ".",
"GUID": "{9A31D957-37CE-457E-8827-B286CFE7B492}",
"EventReceivedTime": "2021-09-16T20:10:53.384883-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 258,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775812",
"EventTime": "2021-09-16T20:10:52.417940-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "ERROR",
"SeverityValue": 4,
"Severity": "ERROR",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33154",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Reason": "Single Label",
"Destination": "192.168.1.7",
"QNAME": "nxlogmgr.",
"QTYPE": "1",
"XID": "62944",
"RCODE": "2",
"Port": "57107",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "26",
"PacketData": "0xF5E081820001000000000000086E786C6F676D67720000010001",
"AdditionalInfo": ".",
"ElapsedTime": "0",
"GUID": "{9A31D957-37CE-457E-8827-B286CFE7B492}",
"EventReceivedTime": "2021-09-16T20:10:53.384883-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:52.417954-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "nxlogmgr.",
"QTYPE": "28",
"XID": "63484",
"Port": "57107",
"BufferSize": "26",
"PacketData": "0xF7FC01000001000000000000086E786C6F676D677200001C0001",
"AdditionalInfo": ".",
"GUID": "{03568CFE-8DAA-418B-A66D-4FD4224722D1}",
"EventReceivedTime": "2021-09-16T20:10:53.401956-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 258,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775812",
"EventTime": "2021-09-16T20:10:52.417987-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "ERROR",
"SeverityValue": 4,
"Severity": "ERROR",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33154",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Reason": "Single Label",
"Destination": "192.168.1.7",
"QNAME": "nxlogmgr.",
"QTYPE": "28",
"XID": "63484",
"RCODE": "2",
"Port": "57107",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "26",
"PacketData": "0xF7FC81820001000000000000086E786C6F676D677200001C0001",
"AdditionalInfo": ".",
"ElapsedTime": "1",
"GUID": "{03568CFE-8DAA-418B-A66D-4FD4224722D1}",
"EventReceivedTime": "2021-09-16T20:10:53.401956-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:52.440529-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "raijin-1.example.com.",
"QTYPE": "1",
"XID": "49523",
"Port": "60864",
"BufferSize": "38",
"PacketData": "0xC17301000001000000000000087261696A696E2D31076578616D706C6503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{5154885D-8F35-4BBD-9B5A-3AEF03DF2209}",
"EventReceivedTime": "2021-09-16T20:10:53.401956-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:10:52.440551-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34176",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "u20server-2.example.com.",
"QTYPE": "1",
"Port": "60864",
"XID": "49523",
"BufferSize": "38",
"PacketData": "0xC17385800001000100000000087261696A696E2D31076578616D706C6503636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:10:53.401956-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:10:52.440604-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34176",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "1",
"AD": "0",
"QNAME": "raijin-1.example.com.",
"QTYPE": "1",
"XID": "49523",
"DNSSEC": "0",
"RCODE": "0",
"Port": "60864",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "80",
"PacketData": "0xC17385800001000200000000087261696A696E2D31076578616D706C6503636F6D0000010001C00C0005000100000E10000E0B7532307365727665722D32C015C0320001000100000E100004C0A80151",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{5154885D-8F35-4BBD-9B5A-3AEF03DF2209}",
"EventReceivedTime": "2021-09-16T20:10:53.401956-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:10:52.440619-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "raijin-1.example.com.",
"QTYPE": "28",
"XID": "61046",
"Port": "60864",
"BufferSize": "38",
"PacketData": "0xEE7601000001000000000000087261696A696E2D31076578616D706C6503636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{07390103-7029-491F-A79E-432810236E6A}",
"EventReceivedTime": "2021-09-16T20:10:53.401956-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:10:52.440627-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34176",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "u20server-2.example.com.",
"QTYPE": "28",
"Port": "60864",
"XID": "61046",
"BufferSize": "38",
"PacketData": "0xEE7685800001000100000000087261696A696E2D31076578616D706C6503636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:10:53.401956-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:10:52.440655-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34176",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "1",
"AD": "0",
"QNAME": "raijin-1.example.com.",
"QTYPE": "28",
"XID": "61046",
"DNSSEC": "0",
"RCODE": "0",
"Port": "60864",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "64",
"PacketData": "0xEE7685800001000100000000087261696A696E2D31076578616D706C6503636F6D00001C0001C00C0005000100000E10000E0B7532307365727665722D32C015",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{07390103-7029-491F-A79E-432810236E6A}",
"EventReceivedTime": "2021-09-16T20:10:53.401956-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:18.672852-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "63882",
"Port": "51008",
"BufferSize": "41",
"PacketData": "0xF98A010000010000000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{3E6FCA0F-9431-4360-B85A-BE15385C850F}",
"EventReceivedTime": "2021-09-16T20:11:19.680986-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:18.672886-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"Port": "51008",
"XID": "63882",
"BufferSize": "41",
"PacketData": "0xF98A818000010001000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:19.680986-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:18.672996-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"QXID": "63882",
"XID": "34228",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "87",
"PacketData": "0x85B4000000010000000000012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{3E6FCA0F-9431-4360-B85A-BE15385C850F}",
"EventReceivedTime": "2021-09-16T20:11:19.680986-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:18.673008-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "62088",
"Port": "51008",
"BufferSize": "41",
"PacketData": "0xF288010000010000000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{9FD44C0A-6339-4676-B1E2-07FFC507135B}",
"EventReceivedTime": "2021-09-16T20:11:19.680986-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:18.673015-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"Port": "51008",
"XID": "62088",
"BufferSize": "41",
"PacketData": "0xF288818000010001000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:11:19.680986-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:18.673015-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"QXID": "62088",
"XID": "40252",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "76",
"PacketData": "0x9D3C000000010000000000002C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{9FD44C0A-6339-4676-B1E2-07FFC507135B}",
"EventReceivedTime": "2021-09-16T20:11:19.680986-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:18.692018-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"XID": "34228",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "260",
"PacketData": "0x85B4840000010005000000012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D0000010001C00C0001000100000002000436ED8551C00C0001000100000002000412CDDE80C00C0001000100000002000434CAA841C00C0001000100000002000436A1F12EC00C002E000100000002006100010D0300000002614558D66142B5D6AE90096865726F6B75646E7303636F6D0023A1BD6486BBCBE64929F18D041070EA64CBC40AD9F3639D185D3F1D30FE664BDB56AD56105410F660BC4235DFF16F402D5ABE9ADC137BD8F037CC8AC68B93D100002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{3E6FCA0F-9431-4360-B85A-BE15385C850F}",
"EventReceivedTime": "2021-09-16T20:11:19.680986-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:18.692115-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "63882",
"DNSSEC": "0",
"RCODE": "0",
"Port": "51008",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "174",
"PacketData": "0xF98A818000010005000000000A636C69656E742D61706908687562737461666603636F6D0000010001C00C000500010000096100392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020C0350001000100000002000436ED8551C0350001000100000002000412CDDE80C0350001000100000002000434CAA841C0350001000100000002000436A1F12E",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "19",
"GUID": "{3E6FCA0F-9431-4360-B85A-BE15385C850F}",
"EventReceivedTime": "2021-09-16T20:11:19.680986-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:18.693238-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"XID": "40252",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "141",
"PacketData": "0x9D3C840000010000000100002C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D00001C0001C039000600010000000A003504646E733103703035056E736F6E65036E6574000A686F73746D6173746572C061614407560000025800000384001275000000000A",
"AdditionalInfo": ".",
"GUID": "{9FD44C0A-6339-4676-B1E2-07FFC507135B}",
"EventReceivedTime": "2021-09-16T20:11:19.680986-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:18.693295-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "62088",
"DNSSEC": "0",
"RCODE": "0",
"Port": "51008",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "110",
"PacketData": "0xF288818000010001000000000A636C69656E742D61706908687562737461666603636F6D00001C0001C00C000500010000096100392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "20",
"GUID": "{9FD44C0A-6339-4676-B1E2-07FFC507135B}",
"EventReceivedTime": "2021-09-16T20:11:19.680986-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:36.880499-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "40604",
"Port": "54890",
"BufferSize": "29",
"PacketData": "0x9E9C01000001000000000000076D6F7A696C6C61036F72670000010001",
"AdditionalInfo": ".",
"GUID": "{D54A3796-B9D2-460B-8F99-8B204BEA4A2D}",
"EventReceivedTime": "2021-09-16T20:11:37.527399-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:36.882101-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:500:40::1",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"QXID": "40604",
"XID": "48732",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "40",
"PacketData": "0xBE5C00000001000000000001076D6F7A696C6C61036F726700000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{D54A3796-B9D2-460B-8F99-8B204BEA4A2D}",
"EventReceivedTime": "2021-09-16T20:11:37.527399-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:36.882200-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "17641",
"Port": "45623",
"BufferSize": "29",
"PacketData": "0x44E901000001000000000000076D6F7A696C6C61036F72670000010001",
"AdditionalInfo": ".",
"GUID": "{0215D8E7-EBDF-48CB-8712-756B8D7DB4EB}",
"EventReceivedTime": "2021-09-16T20:11:37.527399-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:36.882786-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.org.",
"QTYPE": "28",
"XID": "16535",
"Port": "45623",
"BufferSize": "29",
"PacketData": "0x409701000001000000000000076D6F7A696C6C61036F726700001C0001",
"AdditionalInfo": ".",
"GUID": "{DF779280-F118-41D1-85F4-E992392824C7}",
"EventReceivedTime": "2021-09-16T20:11:37.527399-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:36.883286-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:500:c::1",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "28",
"QXID": "16535",
"XID": "40391",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "40",
"PacketData": "0x9DC700000001000000000001076D6F7A696C6C61036F726700001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{DF779280-F118-41D1-85F4-E992392824C7}",
"EventReceivedTime": "2021-09-16T20:11:37.527399-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:36.884629-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "53380",
"Port": "59937",
"BufferSize": "42",
"PacketData": "0xD084010000010000000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.527399-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:36.885226-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "192.52.178.30",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"QXID": "53380",
"XID": "57108",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "53",
"PacketData": "0xDF14000000010000000000010C646574656374706F7274616C0766697265666F7803636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.527399-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:36.887689-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"XID": "30064",
"Port": "59937",
"BufferSize": "42",
"PacketData": "0x7570010000010000000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:36.888387-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:503:eea3::30",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"QXID": "30064",
"XID": "43800",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "53",
"PacketData": "0xAB18000000010000000000010C646574656374706F7274616C0766697265666F7803636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:36.889774-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "4938",
"Port": "55126",
"BufferSize": "42",
"PacketData": "0x134A010000010000000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{7294ABB0-3EB0-4E13-9980-5A09949C131C}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:36.894658-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "17503",
"Port": "47055",
"BufferSize": "42",
"PacketData": "0x445F010000010000000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{BE82F370-928E-4EA1-946C-86C581D00E53}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:36.894726-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"XID": "21849",
"Port": "47055",
"BufferSize": "42",
"PacketData": "0x5559010000010000000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{B2121301-D749-417D-945E-051A35F715E5}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:36.910058-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2001:503:eea3::30",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"XID": "43800",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "695",
"PacketData": "0xAB18800000010000000800010C646574656374706F7274616C0766697265666F7803636F6D00001C0001C019000200010002A3000012076E73312D32343004616B616D036E657400C019000200010002A3000009066E73372D3636C03EC019000200010002A3000009066E73352D3635C03EC019000200010002A3000009066E73342D3634C03E20434B30504F4A4D473837344C4A5245463745464E38343330515649543842534DC021003200010001518000230101000000146501A0C25720EE156F6C4E39636B3ADA0312D92A000722000000000290C087002E00010001518000B7003208020001518061495E696140138199AF03636F6D0073D49C969AD112E1F52C00137560047BE57A0C63D266917DED0C9A551F1942FF5A835C70F318B7C1EC6363C09CA90BC736EB8345EA6F090394D2675E2DD1E0CEC5ED70EADAD937CA6CC54F1A48BA6BE6ED4985DC52360CD72D6C33AB6A67D91A22530A0F796FA8CD809D5DFD4EDA95D33C8A5BF1A724B9CB9248BFE875C054CB318444F00A1E1D5AE0EB39B04D9810FF639A4962C6AEB971DC01E12935F5E6552048453144374E5330344954483341445131544C36513139524345554C43333854C021003200010001518000220101000000148B82DA17E46AD4A4FB43827643C545DC6684C3720006200000000012C19A002E00010001518000B70032080200015180614969C061401ED899AF03636F6D000F6DC86FE2BE05FB636C54425723CBAB966A02BAB7E4F3FF341204CF1FBB59B0C13BF9D00F816007F6D171B157485279342E679282D30523D9D0E14C4E8C5B99A3927E9D02941F7470DE072421AA4CF078705F90EBE2E67A8CF954608A4BA78C2415828EC54587DE570125E4EF2ABE288230BF6A3A7D6EB9963EFF247085764036CA3B7471C24E7EDE6B39820694F6CA7FDE6F0102CA71EECAC36F31B728CB610000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:36.910262-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "184.85.248.65",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"QXID": "30064",
"XID": "24891",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "53",
"PacketData": "0x613B000000010000000000010C646574656374706F7274616C0766697265666F7803636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:36.919491-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2001:500:40::1",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "48732",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "634",
"PacketData": "0xBE5C80000001000000080001076D6F7A696C6C61036F72670000010001C00C00020001000151800011066E73342D363404616B616D036E657400C00C00020001000151800009066E73352D3635C030C00C00020001000151800009066E73372D3636C030C00C0002000100015180000A076E73312D323430C030203169383730766A3568343239766A39706369376172366539676B693734747237C0140032000100015180002B0101000A08332539EE7F95C32A140C907D989054FC4C24368D17E3C92EA2F87A23DD000722000000000290206774666B64626C316663746335653630396A3273333173396430336563677672C0140032000100015180002A0101000A08332539EE7F95C32A14875FA48058818D3BA14043CCBF10203E9396E0AE0006200000000012C07A002E00010001518000970032080200015180615FB6AC6143F91C9B01036F726700A9AC3C980ED996F4DC53D4285B83C796DF6A661B4A990CBA93A9E08ADFC8BF8C99C2AC47ADF026FD82E1F96E036B6D96A6F783236D1565F77A5FF484E3686B7132DAF0CD55242B7C7CA6322C351FC2A8B197B3ACBE07CC2554A10AFE0FDE3646414DEE15778DD30A3AFBA61F13B6953C6349A00A380C217EFEE1B9ABFD878A33C0D2002E00010001518000970032080200015180615C6B1F6140AD8F9B01036F72670063FB48F9CB7894D5311DC3832F64BE68A72BB0C588740DE73FF441425A049C3D1FC5D2214FEE2FA647E0BDCD36496BF291296A988CCF5FC78C908E4CBD040A91DDD85E415399170E8A5B37535EF7D7DAF6A0FF810D8ACB306CFC2935D6F5C8A62434BF286A122DEAF414A462EE3A9D9F67ABD2C766998CD9A6F802BD7E517EDE00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{D54A3796-B9D2-460B-8F99-8B204BEA4A2D}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:36.919617-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "184.85.248.65",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"QXID": "40604",
"XID": "24055",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "40",
"PacketData": "0x5DF700000001000000000001076D6F7A696C6C61036F726700000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{D54A3796-B9D2-460B-8F99-8B204BEA4A2D}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:36.926958-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "192.52.178.30",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "57108",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "695",
"PacketData": "0xDF14800000010000000800010C646574656374706F7274616C0766697265666F7803636F6D0000010001C019000200010002A3000012076E73312D32343004616B616D036E657400C019000200010002A3000009066E73372D3636C03EC019000200010002A3000009066E73352D3635C03EC019000200010002A3000009066E73342D3634C03E20434B30504F4A4D473837344C4A5245463745464E38343330515649543842534DC021003200010001518000230101000000146501A0C25720EE156F6C4E39636B3ADA0312D92A000722000000000290C087002E00010001518000B7003208020001518061495E696140138199AF03636F6D0073D49C969AD112E1F52C00137560047BE57A0C63D266917DED0C9A551F1942FF5A835C70F318B7C1EC6363C09CA90BC736EB8345EA6F090394D2675E2DD1E0CEC5ED70EADAD937CA6CC54F1A48BA6BE6ED4985DC52360CD72D6C33AB6A67D91A22530A0F796FA8CD809D5DFD4EDA95D33C8A5BF1A724B9CB9248BFE875C054CB318444F00A1E1D5AE0EB39B04D9810FF639A4962C6AEB971DC01E12935F5E6552048453144374E5330344954483341445131544C36513139524345554C43333854C021003200010001518000220101000000148B82DA17E46AD4A4FB43827643C545DC6684C3720006200000000012C19A002E00010001518000B70032080200015180614969C061401ED899AF03636F6D000F6DC86FE2BE05FB636C54425723CBAB966A02BAB7E4F3FF341204CF1FBB59B0C13BF9D00F816007F6D171B157485279342E679282D30523D9D0E14C4E8C5B99A3927E9D02941F7470DE072421AA4CF078705F90EBE2E67A8CF954608A4BA78C2415828EC54587DE570125E4EF2ABE288230BF6A3A7D6EB9963EFF247085764036CA3B7471C24E7EDE6B39820694F6CA7FDE6F0102CA71EECAC36F31B728CB610000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:36.927045-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "184.85.248.65",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"QXID": "53380",
"XID": "1415",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "53",
"PacketData": "0x0587000000010000000000010C646574656374706F7274616C0766697265666F7803636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:36.945877-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "184.85.248.65",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"XID": "24891",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "95",
"PacketData": "0x613B840000010001000000010C646574656374706F7274616C0766697265666F7803636F6D00001C0001C00C000500010000003C001E0C646574656374706F7274616C0470726F64066D6F7A617773036E6574000000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:36.945904-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.prod.mozaws.net.",
"QTYPE": "28",
"Port": "59937",
"XID": "30064",
"BufferSize": "42",
"PacketData": "0x7570818000010001000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:36.946070-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:503:a83e::2:30",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "detectportal.prod.mozaws.NET.",
"QTYPE": "28",
"QXID": "30064",
"XID": "3134",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "57",
"PacketData": "0x0C3E000000010000000000010C646574656374706F7274616C0470726F64066D6F7A617773034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:36.952864-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2001:500:c::1",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "28",
"XID": "40391",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "634",
"PacketData": "0x9DC780000001000000080001076D6F7A696C6C61036F726700001C0001C00C00020001000151800011066E73352D363504616B616D036E657400C00C00020001000151800009066E73372D3636C030C00C00020001000151800009066E73342D3634C030C00C0002000100015180000A076E73312D323430C030203169383730766A3568343239766A39706369376172366539676B693734747237C0140032000100015180002B0101000A08332539EE7F95C32A140C907D989054FC4C24368D17E3C92EA2F87A23DD000722000000000290C07A002E00010001518000970032080200015180615FB6AC6143F91C9B01036F726700A9AC3C980ED996F4DC53D4285B83C796DF6A661B4A990CBA93A9E08ADFC8BF8C99C2AC47ADF026FD82E1F96E036B6D96A6F783236D1565F77A5FF484E3686B7132DAF0CD55242B7C7CA6322C351FC2A8B197B3ACBE07CC2554A10AFE0FDE3646414DEE15778DD30A3AFBA61F13B6953C6349A00A380C217EFEE1B9ABFD878A33206774666B64626C316663746335653630396A3273333173396430336563677672C0F00032000100015180002A0101000A08332539EE7F95C32A14875FA48058818D3BA14043CCBF10203E9396E0AE0006200000000012C175002E00010001518000970032080200015180615C6B1F6140AD8F9B01036F72670063FB48F9CB7894D5311DC3832F64BE68A72BB0C588740DE73FF441425A049C3D1FC5D2214FEE2FA647E0BDCD36496BF291296A988CCF5FC78C908E4CBD040A91DDD85E415399170E8A5B37535EF7D7DAF6A0FF810D8ACB306CFC2935D6F5C8A62434BF286A122DEAF414A462EE3A9D9F67ABD2C766998CD9A6F802BD7E517EDE00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{DF779280-F118-41D1-85F4-E992392824C7}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:36.952988-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "184.85.248.65",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "28",
"QXID": "16535",
"XID": "13177",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "40",
"PacketData": "0x337900000001000000000001076D6F7A696C6C61036F726700001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{DF779280-F118-41D1-85F4-E992392824C7}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:36.955807-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "184.85.248.65",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "24055",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "88",
"PacketData": "0x5DF784000001000300000001076D6F7A696C6C61036F72670000010001C00C0001000100000E1000042CEC301FC00C0001000100000E1000042CEC485DC00C0001000100000E1000042CEBF69B0000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{D54A3796-B9D2-460B-8F99-8B204BEA4A2D}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:36.955872-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "17641",
"DNSSEC": "0",
"RCODE": "0",
"Port": "45623",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "77",
"PacketData": "0x44E981800001000300000000076D6F7A696C6C61036F72670000010001C00C0001000100000E0F00042CEC301FC00C0001000100000E0F00042CEC485DC00C0001000100000E0F00042CEBF69B",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "76",
"GUID": "{D54A3796-B9D2-460B-8F99-8B204BEA4A2D}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:36.955895-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "40604",
"DNSSEC": "0",
"RCODE": "0",
"Port": "54890",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "77",
"PacketData": "0x9E9C81800001000300000000076D6F7A696C6C61036F72670000010001C00C0001000100000E0F00042CEC301FC00C0001000100000E0F00042CEC485DC00C0001000100000E0F00042CEBF69B",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "76",
"GUID": "{D54A3796-B9D2-460B-8F99-8B204BEA4A2D}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:36.956319-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "31924",
"Port": "49024",
"BufferSize": "29",
"PacketData": "0x7CB401000001000000000000076D6F7A696C6C61036F72670000010001",
"AdditionalInfo": ".",
"GUID": "{31E9AE83-6D79-4712-B91D-B1A7148CF7D7}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:36.956478-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "31924",
"DNSSEC": "0",
"RCODE": "0",
"Port": "49024",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "77",
"PacketData": "0x7CB481800001000300000000076D6F7A696C6C61036F72670000010001C00C0001000100000E0F00042CEC485DC00C0001000100000E0F00042CEBF69BC00C0001000100000E0F00042CEC301F",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{31E9AE83-6D79-4712-B91D-B1A7148CF7D7}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:36.956601-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "www.google.com.",
"QTYPE": "1",
"XID": "36809",
"Port": "50092",
"BufferSize": "32",
"PacketData": "0x8FC9010000010000000000000377777706676F6F676C6503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{EDDEF943-AF67-4E7D-BEE9-0C0EB94926C2}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:36.956693-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "216.239.36.10",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "www.google.com.",
"QTYPE": "1",
"QXID": "36809",
"XID": "44673",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "43",
"PacketData": "0xAE81000000010000000000010377777706676F6F676C6503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{EDDEF943-AF67-4E7D-BEE9-0C0EB94926C2}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:36.963362-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "184.85.248.65",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "1415",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "95",
"PacketData": "0x0587840000010001000000010C646574656374706F7274616C0766697265666F7803636F6D0000010001C00C000500010000003C001E0C646574656374706F7274616C0470726F64066D6F7A617773036E6574000000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:36.963381-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.prod.mozaws.net.",
"QTYPE": "1",
"Port": "59937",
"XID": "53380",
"BufferSize": "42",
"PacketData": "0xD084818000010001000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:36.963479-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "192.31.80.30",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "detectportal.prod.mozaws.NET.",
"QTYPE": "1",
"QXID": "53380",
"XID": "23957",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "57",
"PacketData": "0x5D95000000010000000000010C646574656374706F7274616C0470726F64066D6F7A617773034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.540572-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:36.982912-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2001:503:a83e::2:30",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.prod.mozaws.NET.",
"QTYPE": "28",
"XID": "3134",
"RecursionDepth": "3",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "759",
"PacketData": "0x0C3E800000010000000800020C646574656374706F7274616C0470726F64066D6F7A617773034E455400001C0001C01E000200010002A3000016066E732D31373809617773646E732D323203636F6D00C01E000200010002A3000013066E732D38363509617773646E732D3434C025C01E000200010002A3000017076E732D3130383409617773646E732D3037036F726700C01E000200010002A3000019076E732D3139393509617773646E732D353702636F02756B0020413152543938425335514743394E4649353153394843493437554C4A47364A48C025003200010001518000230101000000145077EF3DF3A33A2D14993A1E874E1344D743C90B000722000000000290C0B7002E00010001518000B700320802000151806149717C61402694FF62036E657400B6321648DFB0D93CE5875A4612080D3092669F8C1B7E7BA200F78095D14E072097269DDAB573C06E9DE1D637095BD0561D096122F515E3A42C71E1C545889FC3BA4016371DAC852CC727732B22E34129A97E424D82E9531B20698A87B307DCC9FC6FF6E3E3DA999E66D048E1E7B01688586CCBCA11D3604AD67C06119723641FAAEE7F8F982A0D36D6B39CC34CA9005DAB99EAF51A2B4D183DCC4C9C234EAA9720313835304946354E544F3438374B524832364E55494F444B4437514B37524752C025003200010001518000220101000000140A0A7783B02375ADC08EA0D89EEE228CE8203FCE0006200000000012C1CA002E00010001518000B70032080200015180614C14466142C95EFF62036E6574000375F3B38463F0A024EFE1B158251B69424DB8E5150D7CA47FD76F4AFFE98EB74EC04EAD12A2E7F7C1DAD13907ABBEBF5AF0F19F93AFA2E77A3DE6499B6888FBA586C93960C354047160A51196E8AC391075E7550076A7A2B6AA522B4BDFDEAAAA4AF19C11CA26737F05521F24176322EA14E3D8FEC0F2703F233BAE0798B4E32BC998316B98F21E3291E3D9119891DA4E46AEC80DFB485601A2848699ED6152C05C000100010002A3000004CDFBC3610000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.556174-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:36.983058-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "205.251.195.97",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "detectportal.prod.mozaws.NET.",
"QTYPE": "28",
"QXID": "30064",
"XID": "57310",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "57",
"PacketData": "0xDFDE000000010000000000010C646574656374706F7274616C0470726F64066D6F7A617773034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.556174-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:36.989309-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "184.85.248.65",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "28",
"XID": "13177",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "120",
"PacketData": "0x337984000001000000010001076D6F7A696C6C61036F726700001C0001C00C000600010000003C004409696E666F626C6F78310770726976617465046D646331076D6F7A696C6C6103636F6D000973797361646D696E73C00C78581ECA000000B4000000B4001275000000003C0000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{DF779280-F118-41D1-85F4-E992392824C7}",
"EventReceivedTime": "2021-09-16T20:11:37.556174-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:36.989572-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "28",
"XID": "16535",
"DNSSEC": "0",
"RCODE": "0",
"Port": "45623",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "109",
"PacketData": "0x409781800001000000010000076D6F7A696C6C61036F726700001C0001C00C000600010000003B004409696E666F626C6F78310770726976617465046D646331076D6F7A696C6C6103636F6D000973797361646D696E73C00C78581ECA000000B4000000B4001275000000003C",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "107",
"GUID": "{DF779280-F118-41D1-85F4-E992392824C7}",
"EventReceivedTime": "2021-09-16T20:11:37.556174-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:36.990441-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "26173",
"Port": "47088",
"BufferSize": "29",
"PacketData": "0x663D01000001000000000000076D6F7A696C6C61036F72670000010001",
"AdditionalInfo": ".",
"GUID": "{9BC7B6E0-A78A-4832-8A9C-2C9A6DF965B6}",
"EventReceivedTime": "2021-09-16T20:11:37.556174-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:36.990502-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "26173",
"DNSSEC": "0",
"RCODE": "0",
"Port": "47088",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "77",
"PacketData": "0x663D81800001000300000000076D6F7A696C6C61036F72670000010001C00C0001000100000E0F00042CEBF69BC00C0001000100000E0F00042CEC301FC00C0001000100000E0F00042CEC485D",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{9BC7B6E0-A78A-4832-8A9C-2C9A6DF965B6}",
"EventReceivedTime": "2021-09-16T20:11:37.556174-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:36.990516-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.org.",
"QTYPE": "28",
"XID": "39680",
"Port": "47088",
"BufferSize": "29",
"PacketData": "0x9B0001000001000000000000076D6F7A696C6C61036F726700001C0001",
"AdditionalInfo": ".",
"GUID": "{C548AC11-3421-4D47-A84D-D1857704D759}",
"EventReceivedTime": "2021-09-16T20:11:37.556174-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:36.990551-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "28",
"XID": "39680",
"DNSSEC": "0",
"RCODE": "0",
"Port": "47088",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "109",
"PacketData": "0x9B0081800001000000010000076D6F7A696C6C61036F726700001C0001C00C000600010000003B004409696E666F626C6F78310770726976617465046D646331076D6F7A696C6C6103636F6D000973797361646D696E73C00C78581ECA000000B4000000B4001275000000003C",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{C548AC11-3421-4D47-A84D-D1857704D759}",
"EventReceivedTime": "2021-09-16T20:11:37.556174-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:36.993382-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "216.239.36.10",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "www.google.com.",
"QTYPE": "1",
"XID": "44673",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "59",
"PacketData": "0xAE81840000010001000000010377777706676F6F676C6503636F6D0000010001C00C000100010000012C00048EFABE040000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{EDDEF943-AF67-4E7D-BEE9-0C0EB94926C2}",
"EventReceivedTime": "2021-09-16T20:11:37.556174-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:36.993458-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "www.google.com.",
"QTYPE": "1",
"XID": "36809",
"DNSSEC": "0",
"RCODE": "0",
"Port": "50092",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "48",
"PacketData": "0x8FC9818000010001000000000377777706676F6F676C6503636F6D0000010001C00C000100010000012C00048EFABE04",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "37",
"GUID": "{EDDEF943-AF67-4E7D-BEE9-0C0EB94926C2}",
"EventReceivedTime": "2021-09-16T20:11:37.556174-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:36.996248-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "google.com.",
"QTYPE": "1",
"XID": "44232",
"Port": "38485",
"BufferSize": "28",
"PacketData": "0xACC80100000100000000000006676F6F676C6503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{3A78425D-9482-4AA8-AD63-D11E14450858}",
"EventReceivedTime": "2021-09-16T20:11:37.556174-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:36.996461-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:4860:4802:32::a",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "google.com.",
"QTYPE": "1",
"QXID": "44232",
"XID": "46336",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "39",
"PacketData": "0xB5000000000100000000000106676F6F676C6503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{3A78425D-9482-4AA8-AD63-D11E14450858}",
"EventReceivedTime": "2021-09-16T20:11:37.556174-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.000832-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "192.31.80.30",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.prod.mozaws.NET.",
"QTYPE": "1",
"XID": "23957",
"RecursionDepth": "3",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "759",
"PacketData": "0x5D95800000010000000800020C646574656374706F7274616C0470726F64066D6F7A617773034E45540000010001C01E000200010002A3000016066E732D31373809617773646E732D323203636F6D00C01E000200010002A3000013066E732D38363509617773646E732D3434C025C01E000200010002A3000017076E732D3130383409617773646E732D3037036F726700C01E000200010002A3000019076E732D3139393509617773646E732D353702636F02756B0020413152543938425335514743394E4649353153394843493437554C4A47364A48C025003200010001518000230101000000145077EF3DF3A33A2D14993A1E874E1344D743C90B000722000000000290C0B7002E00010001518000B700320802000151806149717C61402694FF62036E657400B6321648DFB0D93CE5875A4612080D3092669F8C1B7E7BA200F78095D14E072097269DDAB573C06E9DE1D637095BD0561D096122F515E3A42C71E1C545889FC3BA4016371DAC852CC727732B22E34129A97E424D82E9531B20698A87B307DCC9FC6FF6E3E3DA999E66D048E1E7B01688586CCBCA11D3604AD67C06119723641FAAEE7F8F982A0D36D6B39CC34CA9005DAB99EAF51A2B4D183DCC4C9C234EAA9720313835304946354E544F3438374B524832364E55494F444B4437514B37524752C025003200010001518000220101000000140A0A7783B02375ADC08EA0D89EEE228CE8203FCE0006200000000012C1CA002E00010001518000B70032080200015180614C14466142C95EFF62036E6574000375F3B38463F0A024EFE1B158251B69424DB8E5150D7CA47FD76F4AFFE98EB74EC04EAD12A2E7F7C1DAD13907ABBEBF5AF0F19F93AFA2E77A3DE6499B6888FBA586C93960C354047160A51196E8AC391075E7550076A7A2B6AA522B4BDFDEAAAA4AF19C11CA26737F05521F24176322EA14E3D8FEC0F2703F233BAE0798B4E32BC998316B98F21E3291E3D9119891DA4E46AEC80DFB485601A2848699ED6152C05C000100010002A3000004CDFBC3610000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.556174-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.001243-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "205.251.195.97",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "detectportal.prod.mozaws.NET.",
"QTYPE": "1",
"QXID": "53380",
"XID": "5865",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "46",
"PacketData": "0x16E9000000010000000000000C646574656374706F7274616C0470726F64066D6F7A617773034E45540000010001",
"AdditionalInfo": ".",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.556174-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.020548-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32800",
"TCP": "0",
"Source": "205.251.195.97",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "1",
"QNAME": "detectportal.prod.mozaws.NET.",
"QTYPE": "28",
"XID": "57310",
"RecursionDepth": "4",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "194",
"PacketData": "0xDFDE802000010000000400010C646574656374706F7274616C0470726F64066D6F7A617773034E455400001C0001C0190002000100000E100017076E732D3132363009617773646E732D3239036F726700C0190002000100000E100019076E732D3139383609617773646E732D353602636F02756B00C0190002000100000E100016066E732D33373709617773646E732D343703636F6D00C0190002000100000E100013066E732D36313409617773646E732D3132C0250000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.556174-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.022990-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "199.249.112.1",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "ns-1260.awsdns-29.org.",
"QTYPE": "1",
"QXID": "1",
"XID": "31030",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "50",
"PacketData": "0x793600000001000000000001076E732D3132363009617773646E732D3239036F726700000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.556174-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.037121-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2001:4860:4802:32::a",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "google.com.",
"QTYPE": "1",
"XID": "46336",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "55",
"PacketData": "0xB5008400000100010000000106676F6F676C6503636F6D0000010001C00C000100010000012C0004ACD9050E0000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{3A78425D-9482-4AA8-AD63-D11E14450858}",
"EventReceivedTime": "2021-09-16T20:11:37.556174-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.038070-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "google.com.",
"QTYPE": "1",
"XID": "44232",
"DNSSEC": "0",
"RCODE": "0",
"Port": "38485",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "44",
"PacketData": "0xACC88180000100010000000006676F6F676C6503636F6D0000010001C00C000100010000012C0004ACD9050E",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "42",
"GUID": "{3A78425D-9482-4AA8-AD63-D11E14450858}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.040004-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "205.251.195.97",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.prod.mozaws.NET.",
"QTYPE": "1",
"XID": "5865",
"RecursionDepth": "4",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "183",
"PacketData": "0x16E9800000010000000400000C646574656374706F7274616C0470726F64066D6F7A617773034E45540000010001C0190002000100000E100017076E732D3132363009617773646E732D3239036F726700C0190002000100000E100019076E732D3139383609617773646E732D353602636F02756B00C0190002000100000E100016066E732D33373709617773646E732D343703636F6D00C0190002000100000E100013066E732D36313409617773646E732D3132C025",
"AdditionalInfo": ".",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.042231-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:500:b::1",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "ns-1260.awsdns-29.org.",
"QTYPE": "1",
"QXID": "1",
"XID": "5327",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "50",
"PacketData": "0x14CF00000001000000000001076E732D3132363009617773646E732D3239036F726700000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.047401-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "forcesafesearch.google.com.",
"QTYPE": "1",
"XID": "31763",
"Port": "39949",
"BufferSize": "44",
"PacketData": "0x7C13010000010000000000000F666F7263657361666573656172636806676F6F676C6503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{209BB5E3-12D1-4D2B-AB24-6B3A7A3D6E33}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.048802-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:4860:4802:38::a",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "forcesafesearch.google.com.",
"QTYPE": "1",
"QXID": "31763",
"XID": "8422",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "55",
"PacketData": "0x20E6000000010000000000010F666F7263657361666573656172636806676F6F676C6503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{209BB5E3-12D1-4D2B-AB24-6B3A7A3D6E33}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.064486-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "199.249.112.1",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "ns-1260.awsdns-29.org.",
"QTYPE": "1",
"XID": "31030",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "824",
"PacketData": "0x793680000001000000080009076E732D3132363009617773646E732D3239036F72670000010001C0140002000100015180000B08672D6E732D373335C014C0140002000100015180000B08672D6E732D313537C014C0140002000100015180000C09672D6E732D31363239C014C0140002000100015180000C09672D6E732D31303536C014203169383730766A3568343239766A39706369376172366539676B693734747237036F7267000032000100015180002B0101000A08332539EE7F95C32A140C907D989054FC4C24368D17E3C92EA2F87A23DD000722000000000290C085002E00010001518000970032080200015180615FB6AC6143F91C9B01036F726700A9AC3C980ED996F4DC53D4285B83C796DF6A661B4A990CBA93A9E08ADFC8BF8C99C2AC47ADF026FD82E1F96E036B6D96A6F783236D1565F77A5FF484E3686B7132DAF0CD55242B7C7CA6322C351FC2A8B197B3ACBE07CC2554A10AFE0FDE3646414DEE15778DD30A3AFBA61F13B6953C6349A00A380C217EFEE1B9ABFD878A33206539346272386B376D683633306F72366E6D66636C387138626968306B703166C0FE0032000100015180002A0101000A08332539EE7F95C32A1472496B255DA688479BF2C3ADA7E9DDAC47964EE90006200000000012C183002E00010001518000970032080200015180615C6B1F6140AD8F9B01036F72670005DD56A8470DD91545915AC4C9A707358018C0381F5BD263F0F2E21F9AC44C9FAC6735B87D46BEE8E95560B798CA2BB2EF73E3E1DD745628B6163FAF61D187E7E6953A41ED0854AA65FABEC386554FA29404125504FDD494A98DFD1D6344C7A44364FFDE03BAC1494A1DA48885BDD0852CEFA9AE6CF7AC93D5D2DE916791733BC06100010001000151800004CDFBC65DC07900010001000151800004CDFBC420C03300010001000151800004CDFBC2DFC04A00010001000151800004CDFBC09DC061001C00010001518000102600900053065D000000000000000001C079001C000100015180001026009000530420000000000000000001C033001C0001000151800010260090005302DF000000000000000001C04A001C00010001518000102600900053009D00000000000000000100002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.064883-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "205.251.198.93",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "ns-1260.awsdns-29.org.",
"QTYPE": "1",
"QXID": "1",
"XID": "57993",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "50",
"PacketData": "0xE28900000001000000000001076E732D3132363009617773646E732D3239036F726700000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.085093-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "205.251.198.93",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "ns-1260.awsdns-29.org.",
"QTYPE": "1",
"XID": "57993",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "336",
"PacketData": "0xE28984200001000100040009076E732D3132363009617773646E732D3239036F72670000010001C00C000100010002A3000004CDFBC4ECC014000200010002A300000C09672D6E732D31303536C014C014000200010002A300000B08672D6E732D313537C014C014000200010002A300000C09672D6E732D31363239C014C014000200010002A300000B08672D6E732D373335C014C043000100010002A3000004CDFBC420C043001C00010002A300001026009000530420000000000000000001C05B000100010002A3000004CDFBC09DC05B001C00010002A30000102600900053009D000000000000000001C072000100010002A3000004CDFBC65DC072001C00010002A30000102600900053065D000000000000000001C08A000100010002A3000004CDFBC2DFC08A001C00010002A3000010260090005302DF0000000000000000010000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.085481-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "205.251.196.236",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "detectportal.prod.mozaws.NET.",
"QTYPE": "28",
"QXID": "30064",
"XID": "31457",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "57",
"PacketData": "0x7AE1000000010000000000010C646574656374706F7274616C0470726F64066D6F7A617773034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.089962-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2001:4860:4802:38::a",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "forcesafesearch.google.com.",
"QTYPE": "1",
"XID": "8422",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "71",
"PacketData": "0x20E6840000010001000000010F666F7263657361666573656172636806676F6F676C6503636F6D0000010001C00C00010001000151800004D8EF26780000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{209BB5E3-12D1-4D2B-AB24-6B3A7A3D6E33}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.090144-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "forcesafesearch.google.com.",
"QTYPE": "1",
"XID": "31763",
"DNSSEC": "0",
"RCODE": "0",
"Port": "39949",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "60",
"PacketData": "0x7C13818000010001000000000F666F7263657361666573656172636806676F6F676C6503636F6D0000010001C00C00010001000151800004D8EF2678",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "43",
"GUID": "{209BB5E3-12D1-4D2B-AB24-6B3A7A3D6E33}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.095750-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "www.youtube.com.",
"QTYPE": "1",
"XID": "30590",
"Port": "54657",
"BufferSize": "33",
"PacketData": "0x777E010000010000000000000377777707796F757475626503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{D105A5CE-09CB-4AC4-BEFF-C7069B3747E8}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.096271-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "192.12.94.30",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "www.youtube.com.",
"QTYPE": "1",
"QXID": "30590",
"XID": "65075",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "44",
"PacketData": "0xFE33000000010000000000010377777707796F757475626503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{D105A5CE-09CB-4AC4-BEFF-C7069B3747E8}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.122943-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "205.251.196.236",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "detectportal.prod.mozaws.NET.",
"QTYPE": "28",
"XID": "31457",
"RecursionDepth": "5",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "247",
"PacketData": "0x7AE1842000010001000400010C646574656374706F7274616C0470726F64066D6F7A617773034E455400001C0001C00C000500010000012C00290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C025C019000200010002A3000017076E732D3132363009617773646E732D3239036F726700C019000200010002A3000019076E732D3139383609617773646E732D353602636F02756B00C019000200010002A3000016066E732D33373709617773646E732D343703636F6D00C019000200010002A3000013066E732D36313409617773646E732D3132C0250000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:37.123057-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.net.",
"QTYPE": "28",
"Port": "59937",
"XID": "30064",
"BufferSize": "42",
"PacketData": "0x7570818000010002000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.124029-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "192.48.79.30",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.NET.",
"QTYPE": "28",
"QXID": "30064",
"XID": "45165",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "71",
"PacketData": "0xB06D000000010000000000010470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.134091-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "192.12.94.30",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "www.youtube.com.",
"QTYPE": "1",
"XID": "65075",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "848",
"PacketData": "0xFE33800000010000000800090377777707796F757475626503636F6D0000010001C010000200010002A300000D036E733206676F6F676C65C018C010000200010002A3000006036E7331C031C010000200010002A3000006036E7333C031C010000200010002A3000006036E7334C03120434B30504F4A4D473837344C4A5245463745464E38343330515649543842534DC018003200010001518000230101000000146501A0C25720EE156F6C4E39636B3ADA0312D92A000722000000000290C070002E00010001518000B7003208020001518061495E696140138199AF03636F6D0073D49C969AD112E1F52C00137560047BE57A0C63D266917DED0C9A551F1942FF5A835C70F318B7C1EC6363C09CA90BC736EB8345EA6F090394D2675E2DD1E0CEC5ED70EADAD937CA6CC54F1A48BA6BE6ED4985DC52360CD72D6C33AB6A67D91A22530A0F796FA8CD809D5DFD4EDA95D33C8A5BF1A724B9CB9248BFE875C054CB318444F00A1E1D5AE0EB39B04D9810FF639A4962C6AEB971DC01E12935F5E655204835414951305632334431374A3550543238493544374D4D354F544E42513237C01800320001000151800022010100000014895533E99D8E61EA75756530008715E3D86C079B0006200000000012C183002E00010001518000B7003208020001518061496E89614023A199AF03636F6D0083EFFACAA260A7BC45A70747B0784B0027EF06328775CD703192A20690ED73F2AAF8A4A258EB068CA249046D11402D3310EE6F185D0A6768FAC63B98C0BF022EB642B0EA33C441EEF19AD49BC22FF92C58DB38B2A84A7B81EBA6B9AC0DD63B22EDA0C47A4385B951D1934273A6CFEEACC9E38B666EF7039E8AF3846913C484E6794BE151A037759E9908077772FC140BABC900BD0E72D7AD67D1ABCF98CC4E27C02D001C00010002A30000102001486048020034000000000000000AC02D000100010002A3000004D8EF220AC046001C00010002A30000102001486048020032000000000000000AC046000100010002A3000004D8EF200AC058001C00010002A30000102001486048020036000000000000000AC058000100010002A3000004D8EF240AC06A001C00010002A30000102001486048020038000000000000000AC06A000100010002A3000004D8EF260A0000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{D105A5CE-09CB-4AC4-BEFF-C7069B3747E8}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.135915-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "216.239.38.10",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "www.youtube.com.",
"QTYPE": "1",
"QXID": "30590",
"XID": "48476",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "44",
"PacketData": "0xBD5C000000010000000000010377777707796F757475626503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{D105A5CE-09CB-4AC4-BEFF-C7069B3747E8}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.158171-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2001:500:b::1",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "ns-1260.awsdns-29.org.",
"QTYPE": "1",
"XID": "5327",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "821",
"PacketData": "0x14CF80000001000000080009076E732D3132363009617773646E732D3239036F72670000010001C0140002000100015180000B08672D6E732D313537C014C0140002000100015180000C09672D6E732D31363239C014C0140002000100015180000C09672D6E732D31303536C014C0140002000100015180000B08672D6E732D373335C014203169383730766A3568343239766A39706369376172366539676B693734747237C01E0032000100015180002B0101000A08332539EE7F95C32A140C907D989054FC4C24368D17E3C92EA2F87A23DD000722000000000290C085002E00010001518000970032080200015180615FB6AC6143F91C9B01036F726700A9AC3C980ED996F4DC53D4285B83C796DF6A661B4A990CBA93A9E08ADFC8BF8C99C2AC47ADF026FD82E1F96E036B6D96A6F783236D1565F77A5FF484E3686B7132DAF0CD55242B7C7CA6322C351FC2A8B197B3ACBE07CC2554A10AFE0FDE3646414DEE15778DD30A3AFBA61F13B6953C6349A00A380C217EFEE1B9ABFD878A33206539346272386B376D683633306F72366E6D66636C387138626968306B703166C0FB0032000100015180002A0101000A08332539EE7F95C32A1472496B255DA688479BF2C3ADA7E9DDAC47964EE90006200000000012C180002E00010001518000970032080200015180615C6B1F6140AD8F9B01036F72670005DD56A8470DD91545915AC4C9A707358018C0381F5BD263F0F2E21F9AC44C9FAC6735B87D46BEE8E95560B798CA2BB2EF73E3E1DD745628B6163FAF61D187E7E6953A41ED0854AA65FABEC386554FA29404125504FDD494A98DFD1D6344C7A44364FFDE03BAC1494A1DA48885BDD0852CEFA9AE6CF7AC93D5D2DE916791733BC033001C00010001518000102600900053009D000000000000000001C07A001C0001000151800010260090005302DF000000000000000001C062001C000100015180001026009000530420000000000000000001C04A001C00010001518000102600900053065D000000000000000001C03300010001000151800004CDFBC09DC07A00010001000151800004CDFBC2DFC06200010001000151800004CDFBC420C04A00010001000151800004CDFBC65D00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.160188-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "205.251.196.32",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "ns-1260.awsdns-29.org.",
"QTYPE": "1",
"QXID": "1",
"XID": "24765",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "50",
"PacketData": "0x60BD00000001000000000001076E732D3132363009617773646E732D3239036F726700000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.164512-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "192.48.79.30",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.NET.",
"QTYPE": "28",
"XID": "45165",
"RecursionDepth": "6",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "741",
"PacketData": "0xB06D800000010000000800010470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370034E455400001C0001C02C000200010002A300001F0B6E732D636C6F75642D63310D676F6F676C65646F6D61696E7303636F6D00C02C000200010002A300000E0B6E732D636C6F75642D6332C054C02C000200010002A300000E0B6E732D636C6F75642D6333C054C02C000200010002A300000E0B6E732D636C6F75642D6334C05420413152543938425335514743394E4649353153394843493437554C4A47364A48C033003200010001518000230101000000145077EF3DF3A33A2D14993A1E874E1344D743C90B000722000000000290C0B5002E00010001518000B700320802000151806149717C61402694FF62036E657400B6321648DFB0D93CE5875A4612080D3092669F8C1B7E7BA200F78095D14E072097269DDAB573C06E9DE1D637095BD0561D096122F515E3A42C71E1C545889FC3BA4016371DAC852CC727732B22E34129A97E424D82E9531B20698A87B307DCC9FC6FF6E3E3DA999E66D048E1E7B01688586CCBCA11D3604AD67C06119723641FAAEE7F8F982A0D36D6B39CC34CA9005DAB99EAF51A2B4D183DCC4C9C234EAA9720304148504252395336475650434133554455364653344F5636545552374D4E41C0330032000100015180002201010000001402A3BA2A2FB7538F492DCBCFAD3AD865F59741EC0006200000000012C1C8002E00010001518000B70032080200015180614AC1676141767FFF62036E65740059AD0FB5943096F2AECCD3A3CC1F993638F236E6663C92CE8B30AF2C841E0848133C089D7824AE173637AF6F1C80C996EB102C76158A7A56BAB78BFB5B90426F52DF2358A87FE67A8E0B2AEA10FEE0110389E5928F5B1C57724973DDE0EE87F8A33F4ABFF5892F312257B8C6E5C30DBAFF5366FBE292235D09BF816DD82AA42AEE8BA9B9D1E8C7E68D5ED3CECE90ACEFBB47FD048E6316A4A93CE80B0A3F36B10000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.166926-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "192.5.6.30",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "ns-cloud-c1.googledomains.com.",
"QTYPE": "1",
"QXID": "1",
"XID": "53744",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "58",
"PacketData": "0xD1F0000000010000000000010B6E732D636C6F75642D63310D676F6F676C65646F6D61696E7303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.175704-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "216.239.38.10",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "www.youtube.com.",
"QTYPE": "1",
"XID": "48476",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "302",
"PacketData": "0xBD5C84000001000F000000010377777707796F757475626503636F6D0000010001C00C000500010001518000160A796F75747562652D7569016C06676F6F676C65C018C02D000100010000012C0004ACD9050EC02D000100010000012C0004ACD904CEC02D000100010000012C00048EFABF6EC02D000100010000012C00048EFABF8EC02D000100010000012C00048EFABFAEC02D000100010000012C00048EFABFCEC02D000100010000012C00048EFABFEEC02D000100010000012C00048EFB200EC02D000100010000012C00048EFABE0EC02D000100010000012C00048EFABE2EC02D000100010000012C00048EFABE4EC02D000100010000012C00048EFABE6EC02D000100010000012C00048EFABE8EC02D000100010000012C0004ACD9042E0000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{D105A5CE-09CB-4AC4-BEFF-C7069B3747E8}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:37.176712-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "youtube-ui.l.google.com.",
"QTYPE": "1",
"Port": "54657",
"XID": "30590",
"BufferSize": "33",
"PacketData": "0x777E818000010001000000000377777707796F757475626503636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.177330-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:4860:4802:36::a",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "youtube-ui.l.google.com.",
"QTYPE": "1",
"QXID": "30590",
"XID": "11138",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "52",
"PacketData": "0x2B82000000010000000000010A796F75747562652D7569016C06676F6F676C6503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{D105A5CE-09CB-4AC4-BEFF-C7069B3747E8}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.200142-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "205.251.196.32",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "ns-1260.awsdns-29.org.",
"QTYPE": "1",
"XID": "24765",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "336",
"PacketData": "0x60BD84200001000100040009076E732D3132363009617773646E732D3239036F72670000010001C00C000100010002A3000004CDFBC4ECC014000200010002A300000C09672D6E732D31303536C014C014000200010002A300000B08672D6E732D313537C014C014000200010002A300000C09672D6E732D31363239C014C014000200010002A300000B08672D6E732D373335C014C043000100010002A3000004CDFBC420C043001C00010002A300001026009000530420000000000000000001C05B000100010002A3000004CDFBC09DC05B001C00010002A30000102600900053009D000000000000000001C072000100010002A3000004CDFBC65DC072001C00010002A30000102600900053065D000000000000000001C08A000100010002A3000004CDFBC2DFC08A001C00010002A3000010260090005302DF0000000000000000010000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.201754-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "205.251.196.236",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "detectportal.prod.mozaws.NET.",
"QTYPE": "1",
"QXID": "53380",
"XID": "49638",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "57",
"PacketData": "0xC1E6000000010000000000010C646574656374706F7274616C0470726F64066D6F7A617773034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.202983-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "192.5.6.30",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "ns-cloud-c1.googledomains.com.",
"QTYPE": "1",
"XID": "53744",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "855",
"PacketData": "0xD1F0800000010000000800090B6E732D636C6F75642D63310D676F6F676C65646F6D61696E7303636F6D0000010001C018000200010002A3000006036E7335C018C018000200010002A3000006036E7336C018C018000200010002A3000006036E7337C018C018000200010002A3000006036E7338C01820434B30504F4A4D473837344C4A5245463745464E38343330515649543842534DC026003200010001518000230101000000146501A0C25720EE156F6C4E39636B3ADA0312D92A000722000000000290C077002E00010001518000B7003208020001518061495E696140138199AF03636F6D0073D49C969AD112E1F52C00137560047BE57A0C63D266917DED0C9A551F1942FF5A835C70F318B7C1EC6363C09CA90BC736EB8345EA6F090394D2675E2DD1E0CEC5ED70EADAD937CA6CC54F1A48BA6BE6ED4985DC52360CD72D6C33AB6A67D91A22530A0F796FA8CD809D5DFD4EDA95D33C8A5BF1A724B9CB9248BFE875C054CB318444F00A1E1D5AE0EB39B04D9810FF639A4962C6AEB971DC01E12935F5E65520564C46565241345032324533454F33463935504834354D535235305142304F50C02600320001000151800022010100000014FD6006E4794814DA3E24614252254A9A78F08B8A0006200000000012C18A002E00010001518000B70032080200015180614AB71D61416C3599AF03636F6D0077926F140F5603530DB2E91BC3C455CB454E106D101596BCABA9AC58604EDA04C0EF7C77543F807BA93440B745F749A17C28D59DAD3EC47016C920049FA73C5882FE59C2B9351E6A809B4C0BF465FFA01C586FEF84418E08EA33EC72F9B8A75F29BA91D15C30DE71A9EEF3DCA848F23334FEDA213332C857022BAE2E7C6CB7208E3E7D978577C1E6EEF8D7277768DD5AB980FB31C04BF2F02AD610A62AFF0D8EC03B001C00010002A30000102001486048020032000000000000000AC03B000100010002A3000004D8EF200AC04D001C00010002A30000102001486048020034000000000000000AC04D000100010002A3000004D8EF220AC05F001C00010002A30000102001486048020036000000000000000AC05F000100010002A3000004D8EF240AC071001C00010002A30000102001486048020038000000000000000AC071000100010002A3000004D8EF260A0000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.204485-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:4860:4802:38::a",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "ns-cloud-c1.googledomains.com.",
"QTYPE": "1",
"QXID": "1",
"XID": "64533",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "58",
"PacketData": "0xFC15000000010000000000010B6E732D636C6F75642D63310D676F6F676C65646F6D61696E7303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.212811-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2001:4860:4802:36::a",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "youtube-ui.l.google.com.",
"QTYPE": "1",
"XID": "11138",
"RecursionDepth": "3",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "276",
"PacketData": "0x2B8284000001000E000000010A796F75747562652D7569016C06676F6F676C6503636F6D0000010001C00C000100010000012C00048EFABFEEC00C000100010000012C00048EFB200EC00C000100010000012C00048EFABE0EC00C000100010000012C00048EFABE2EC00C000100010000012C00048EFABE4EC00C000100010000012C00048EFABE6EC00C000100010000012C00048EFABE8EC00C000100010000012C0004ACD9042EC00C000100010000012C0004ACD9050EC00C000100010000012C0004ACD904CEC00C000100010000012C00048EFABF6EC00C000100010000012C00048EFABF8EC00C000100010000012C00048EFABFAEC00C000100010000012C00048EFABFCE0000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{D105A5CE-09CB-4AC4-BEFF-C7069B3747E8}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.213672-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "www.youtube.com.",
"QTYPE": "1",
"XID": "30590",
"DNSSEC": "0",
"RCODE": "0",
"Port": "54657",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "291",
"PacketData": "0x777E81800001000F000000000377777707796F757475626503636F6D0000010001C00C000500010001518000160A796F75747562652D7569016C06676F6F676C65C018C02D000100010000012C00048EFABFEEC02D000100010000012C00048EFB200EC02D000100010000012C00048EFABE0EC02D000100010000012C00048EFABE2EC02D000100010000012C00048EFABE4EC02D000100010000012C00048EFABE6EC02D000100010000012C00048EFABE8EC02D000100010000012C0004ACD9042EC02D000100010000012C0004ACD9050EC02D000100010000012C0004ACD904CEC02D000100010000012C00048EFABF6EC02D000100010000012C00048EFABF8EC02D000100010000012C00048EFABFAEC02D000100010000012C00048EFABFCE",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "119",
"GUID": "{D105A5CE-09CB-4AC4-BEFF-C7069B3747E8}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.219640-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "m.youtube.com.",
"QTYPE": "1",
"XID": "26471",
"Port": "54873",
"BufferSize": "31",
"PacketData": "0x676701000001000000000000016D07796F757475626503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{FADF55AB-82A7-432B-A843-79536C8654BD}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.220908-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "216.239.36.10",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "m.youtube.com.",
"QTYPE": "1",
"QXID": "26471",
"XID": "64715",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "42",
"PacketData": "0xFCCB00000001000000000001016D07796F757475626503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{FADF55AB-82A7-432B-A843-79536C8654BD}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.238030-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "205.251.196.236",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "detectportal.prod.mozaws.NET.",
"QTYPE": "1",
"XID": "49638",
"RecursionDepth": "5",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "247",
"PacketData": "0xC1E6842000010001000400010C646574656374706F7274616C0470726F64066D6F7A617773034E45540000010001C00C000500010000012C00290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C025C019000200010002A3000017076E732D3132363009617773646E732D3239036F726700C019000200010002A3000019076E732D3139383609617773646E732D353602636F02756B00C019000200010002A3000016066E732D33373709617773646E732D343703636F6D00C019000200010002A3000013066E732D36313409617773646E732D3132C0250000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:37.238136-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.net.",
"QTYPE": "1",
"Port": "59937",
"XID": "53380",
"BufferSize": "42",
"PacketData": "0xD084818000010002000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.238688-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "216.239.38.10",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "ns-cloud-c1.googledomains.com.",
"QTYPE": "1",
"QXID": "1",
"XID": "18295",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "58",
"PacketData": "0x4777000000010000000000010B6E732D636C6F75642D63310D676F6F676C65646F6D61696E7303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.243498-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2001:4860:4802:38::a",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "ns-cloud-c1.googledomains.com.",
"QTYPE": "1",
"XID": "64533",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "74",
"PacketData": "0xFC15840000010001000000010B6E732D636C6F75642D63310D676F6F676C65646F6D61696E7303636F6D0000010001C00C00010001000546000004D8EF206C0000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.244463-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "216.239.32.108",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.NET.",
"QTYPE": "28",
"QXID": "30064",
"XID": "6040",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "71",
"PacketData": "0x1798000000010000000000010470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.257375-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "216.239.36.10",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "m.youtube.com.",
"QTYPE": "1",
"XID": "64715",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "58",
"PacketData": "0xFCCB84000001000100000001016D07796F757475626503636F6D0000010001C00C000100010000012C00048EFABF8E0000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{FADF55AB-82A7-432B-A843-79536C8654BD}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.257567-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "m.youtube.com.",
"QTYPE": "1",
"XID": "26471",
"DNSSEC": "0",
"RCODE": "0",
"Port": "54873",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "47",
"PacketData": "0x676781800001000100000000016D07796F757475626503636F6D0000010001C00C000100010000012C00048EFABF8E",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "38",
"GUID": "{FADF55AB-82A7-432B-A843-79536C8654BD}",
"EventReceivedTime": "2021-09-16T20:11:37.571827-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.263621-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "youtubei.googleapis.com.",
"QTYPE": "1",
"XID": "52984",
"Port": "36470",
"BufferSize": "41",
"PacketData": "0xCEF80100000100000000000008796F7574756265690A676F6F676C656170697303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{999E5393-7239-49E6-ABE3-A146DEA4A56A}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.264617-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:501:b1f9::30",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "youtubei.googleapis.com.",
"QTYPE": "1",
"QXID": "52984",
"XID": "58143",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "52",
"PacketData": "0xE31F0000000100000000000108796F7574756265690A676F6F676C656170697303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{999E5393-7239-49E6-ABE3-A146DEA4A56A}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.280036-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "216.239.38.10",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "ns-cloud-c1.googledomains.com.",
"QTYPE": "1",
"XID": "18295",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "74",
"PacketData": "0x4777840000010001000000010B6E732D636C6F75642D63310D676F6F676C65646F6D61696E7303636F6D0000010001C00C00010001000546000004D8EF206C0000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.281284-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "216.239.32.108",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.NET.",
"QTYPE": "1",
"QXID": "53380",
"XID": "33340",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "60",
"PacketData": "0x823C000000010000000000000470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370034E45540000010001",
"AdditionalInfo": ".",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.283726-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "216.239.32.108",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.NET.",
"QTYPE": "28",
"XID": "6040",
"RecursionDepth": "7",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "192",
"PacketData": "0x1798800000010000000400010470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370034E455400001C0001C023000200010000012C001F0B6E732D636C6F75642D61340D676F6F676C65646F6D61696E7303636F6D00C023000200010000012C000E0B6E732D636C6F75642D6131C054C023000200010000012C000E0B6E732D636C6F75642D6132C054C023000200010000012C000E0B6E732D636C6F75642D6133C0540000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.284585-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:4860:4802:34::a",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "ns-cloud-a4.googledomains.com.",
"QTYPE": "1",
"QXID": "1",
"XID": "57742",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "58",
"PacketData": "0xE18E000000010000000000010B6E732D636C6F75642D61340D676F6F676C65646F6D61696E7303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.307277-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2001:501:b1f9::30",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "youtubei.googleapis.com.",
"QTYPE": "1",
"XID": "58143",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "856",
"PacketData": "0xE31F8000000100000008000908796F7574756265690A676F6F676C656170697303636F6D0000010001C015000200010002A300000D036E733206676F6F676C65C020C015000200010002A3000006036E7331C039C015000200010002A3000006036E7333C039C015000200010002A3000006036E7334C03920434B30504F4A4D473837344C4A5245463745464E38343330515649543842534DC020003200010001518000230101000000146501A0C25720EE156F6C4E39636B3ADA0312D92A000722000000000290C078002E00010001518000B7003208020001518061495E696140138199AF03636F6D0073D49C969AD112E1F52C00137560047BE57A0C63D266917DED0C9A551F1942FF5A835C70F318B7C1EC6363C09CA90BC736EB8345EA6F090394D2675E2DD1E0CEC5ED70EADAD937CA6CC54F1A48BA6BE6ED4985DC52360CD72D6C33AB6A67D91A22530A0F796FA8CD809D5DFD4EDA95D33C8A5BF1A724B9CB9248BFE875C054CB318444F00A1E1D5AE0EB39B04D9810FF639A4962C6AEB971DC01E12935F5E65520364C39345441334A544E4F35384C33364F4F31504C4B55394454435130453446C02000320001000151800022010100000014355257E8F63417F6184286881627E8C144C364360006200000000012C18B002E00010001518000B700320802000151806149664A61401B6299AF03636F6D003BAF30C211F86EBCA537D486EFB8CE2C35F62FB39711D5B5F85F9AA174E7D5D593328810BA8C7AE2F2F9D8BE0072ACC8E65F228F94CD0521402C9E72BB56A16018557CB628C8170839DF70C477261A7F754A506DD852143C2A892D301F3968CA05FD2001999C71436FC5AB30615B8C30EED3744FA2B116AD03EF603B63740A52963212C2F6AF8EE5FEF2CAA91EF2DBFCCE65FDF2248955D427C7CC749415C08EC035001C00010002A30000102001486048020034000000000000000AC035000100010002A3000004D8EF220AC04E001C00010002A30000102001486048020032000000000000000AC04E000100010002A3000004D8EF200AC060001C00010002A30000102001486048020036000000000000000AC060000100010002A3000004D8EF240AC072001C00010002A30000102001486048020038000000000000000AC072000100010002A3000004D8EF260A0000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{999E5393-7239-49E6-ABE3-A146DEA4A56A}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.308001-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:4860:4802:38::a",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "youtubei.googleapis.com.",
"QTYPE": "1",
"QXID": "52984",
"XID": "40723",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "52",
"PacketData": "0x9F130000000100000000000108796F7574756265690A676F6F676C656170697303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{999E5393-7239-49E6-ABE3-A146DEA4A56A}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.315461-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2001:4860:4802:34::a",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "ns-cloud-a4.googledomains.com.",
"QTYPE": "1",
"XID": "57742",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "74",
"PacketData": "0xE18E840000010001000000010B6E732D636C6F75642D61340D676F6F676C65646F6D61696E7303636F6D0000010001C00C00010001000546000004D8EF266A0000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.316545-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "216.239.38.106",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.NET.",
"QTYPE": "28",
"QXID": "30064",
"XID": "26260",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "71",
"PacketData": "0x6694000000010000000000010470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.320172-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "216.239.32.108",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.NET.",
"QTYPE": "1",
"XID": "33340",
"RecursionDepth": "6",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "181",
"PacketData": "0x823C800000010000000400000470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370034E45540000010001C023000200010000012C001F0B6E732D636C6F75642D61330D676F6F676C65646F6D61696E7303636F6D00C023000200010000012C000E0B6E732D636C6F75642D6131C054C023000200010000012C000E0B6E732D636C6F75642D6134C054C023000200010000012C000E0B6E732D636C6F75642D6132C054",
"AdditionalInfo": ".",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.324001-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "216.239.38.106",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.NET.",
"QTYPE": "1",
"QXID": "53380",
"XID": "7082",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "60",
"PacketData": "0x1BAA000000010000000000000470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370034E45540000010001",
"AdditionalInfo": ".",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.347260-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2001:4860:4802:38::a",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "youtubei.googleapis.com.",
"QTYPE": "1",
"XID": "40723",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "68",
"PacketData": "0x9F138400000100010000000108796F7574756265690A676F6F676C656170697303636F6D0000010001C00C000100010000012C00048EFABF6A0000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{999E5393-7239-49E6-ABE3-A146DEA4A56A}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.348268-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "youtubei.googleapis.com.",
"QTYPE": "1",
"XID": "52984",
"DNSSEC": "0",
"RCODE": "0",
"Port": "36470",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "57",
"PacketData": "0xCEF88180000100010000000008796F7574756265690A676F6F676C656170697303636F6D0000010001C00C000100010000012C00048EFABF6A",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "84",
"GUID": "{999E5393-7239-49E6-ABE3-A146DEA4A56A}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.349290-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "216.239.38.106",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.NET.",
"QTYPE": "28",
"XID": "26260",
"RecursionDepth": "8",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "192",
"PacketData": "0x6694800000010000000400010470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370034E455400001C0001C01E000200010000012C001F0B6E732D636C6F75642D65330D676F6F676C65646F6D61696E7303636F6D00C01E000200010000012C000E0B6E732D636C6F75642D6532C054C01E000200010000012C000E0B6E732D636C6F75642D6534C054C01E000200010000012C000E0B6E732D636C6F75642D6531C0540000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.350143-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:4860:4802:38::a",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "ns-cloud-e3.googledomains.com.",
"QTYPE": "1",
"QXID": "1",
"XID": "14563",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "58",
"PacketData": "0x38E3000000010000000000010B6E732D636C6F75642D65330D676F6F676C65646F6D61696E7303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.355510-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "216.239.38.106",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.NET.",
"QTYPE": "1",
"XID": "7082",
"RecursionDepth": "7",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "181",
"PacketData": "0x1BAA800000010000000400000470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370034E45540000010001C01E000200010000012C001F0B6E732D636C6F75642D65340D676F6F676C65646F6D61696E7303636F6D00C01E000200010000012C000E0B6E732D636C6F75642D6533C054C01E000200010000012C000E0B6E732D636C6F75642D6531C054C01E000200010000012C000E0B6E732D636C6F75642D6532C054",
"AdditionalInfo": ".",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.357898-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "216.239.36.10",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "ns-cloud-e3.googledomains.com.",
"QTYPE": "1",
"QXID": "1",
"XID": "30620",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "58",
"PacketData": "0x779C000000010000000000010B6E732D636C6F75642D65330D676F6F676C65646F6D61696E7303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.358001-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "youtube.googleapis.com.",
"QTYPE": "1",
"XID": "20659",
"Port": "41014",
"BufferSize": "40",
"PacketData": "0x50B30100000100000000000007796F75747562650A676F6F676C656170697303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{BB6BC72D-01BE-4E10-9151-78CE461C9952}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.358748-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "216.239.32.10",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "youtube.googleapis.com.",
"QTYPE": "1",
"QXID": "20659",
"XID": "44875",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "51",
"PacketData": "0xAF4B0000000100000000000107796F75747562650A676F6F676C656170697303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{BB6BC72D-01BE-4E10-9151-78CE461C9952}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.389455-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2001:4860:4802:38::a",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "ns-cloud-e3.googledomains.com.",
"QTYPE": "1",
"XID": "14563",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "74",
"PacketData": "0x38E3840000010001000000010B6E732D636C6F75642D65330D676F6F676C65646F6D61696E7303636F6D0000010001C00C00010001000546000004D8EF246E0000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.391396-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "216.239.36.110",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.NET.",
"QTYPE": "28",
"QXID": "30064",
"XID": "30461",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "71",
"PacketData": "0x76FD000000010000000000010470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.395725-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "216.239.36.10",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "ns-cloud-e3.googledomains.com.",
"QTYPE": "1",
"XID": "30620",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "74",
"PacketData": "0x779C840000010001000000010B6E732D636C6F75642D65330D676F6F676C65646F6D61696E7303636F6D0000010001C00C00010001000546000004D8EF246E0000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.396951-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "216.239.36.110",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.NET.",
"QTYPE": "1",
"QXID": "53380",
"XID": "10837",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "60",
"PacketData": "0x2A55000000010000000000000470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370034E45540000010001",
"AdditionalInfo": ".",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.399365-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "216.239.32.10",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "youtube.googleapis.com.",
"QTYPE": "1",
"XID": "44875",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "67",
"PacketData": "0xAF4B8400000100010000000107796F75747562650A676F6F676C656170697303636F6D0000010001C00C000100010000012C00048EFABFEA0000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{BB6BC72D-01BE-4E10-9151-78CE461C9952}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.399556-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "youtube.googleapis.com.",
"QTYPE": "1",
"XID": "20659",
"DNSSEC": "0",
"RCODE": "0",
"Port": "41014",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "56",
"PacketData": "0x50B38180000100010000000007796F75747562650A676F6F676C656170697303636F6D0000010001C00C000100010000012C00048EFABFEA",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "42",
"GUID": "{BB6BC72D-01BE-4E10-9151-78CE461C9952}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.404454-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "www.youtube-nocookie.com.",
"QTYPE": "1",
"XID": "30149",
"Port": "53765",
"BufferSize": "42",
"PacketData": "0x75C5010000010000000000000377777710796F75747562652D6E6F636F6F6B696503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{1AB159AA-394B-49C5-B02C-8C5D01528454}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.405537-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:503:d2d::30",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "www.youtube-nocookie.com.",
"QTYPE": "1",
"QXID": "30149",
"XID": "10374",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "53",
"PacketData": "0x2886000000010000000000010377777710796F75747562652D6E6F636F6F6B696503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{1AB159AA-394B-49C5-B02C-8C5D01528454}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.430922-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "216.239.36.110",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.NET.",
"QTYPE": "28",
"XID": "30461",
"RecursionDepth": "9",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "192",
"PacketData": "0x76FD800000010000000400010470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370034E455400001C0001C011000200010000012C001F0B6E732D636C6F75642D64310D676F6F676C65646F6D61696E7303636F6D00C011000200010000012C000E0B6E732D636C6F75642D6434C054C011000200010000012C000E0B6E732D636C6F75642D6433C054C011000200010000012C000E0B6E732D636C6F75642D6432C0540000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.432329-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "216.239.36.10",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "ns-cloud-d1.googledomains.com.",
"QTYPE": "1",
"QXID": "1",
"XID": "25707",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "58",
"PacketData": "0x646B000000010000000000010B6E732D636C6F75642D64310D676F6F676C65646F6D61696E7303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.435669-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "216.239.36.110",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.NET.",
"QTYPE": "1",
"XID": "10837",
"RecursionDepth": "8",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "181",
"PacketData": "0x2A55800000010000000400000470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370034E45540000010001C011000200010000012C001F0B6E732D636C6F75642D64340D676F6F676C65646F6D61696E7303636F6D00C011000200010000012C000E0B6E732D636C6F75642D6433C054C011000200010000012C000E0B6E732D636C6F75642D6431C054C011000200010000012C000E0B6E732D636C6F75642D6432C054",
"AdditionalInfo": ".",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.437025-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:4860:4802:38::a",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "ns-cloud-d1.googledomains.com.",
"QTYPE": "1",
"QXID": "1",
"XID": "54358",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "58",
"PacketData": "0xD456000000010000000000010B6E732D636C6F75642D64310D676F6F676C65646F6D61696E7303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.443799-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2001:503:d2d::30",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "www.youtube-nocookie.com.",
"QTYPE": "1",
"XID": "10374",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "857",
"PacketData": "0x2886800000010000000800090377777710796F75747562652D6E6F636F6F6B696503636F6D0000010001C010000200010002A300000D036E733206676F6F676C65C021C010000200010002A3000006036E7331C03AC010000200010002A3000006036E7333C03AC010000200010002A3000006036E7334C03A20434B30504F4A4D473837344C4A5245463745464E38343330515649543842534DC021003200010001518000230101000000146501A0C25720EE156F6C4E39636B3ADA0312D92A000722000000000290C079002E00010001518000B7003208020001518061495E696140138199AF03636F6D0073D49C969AD112E1F52C00137560047BE57A0C63D266917DED0C9A551F1942FF5A835C70F318B7C1EC6363C09CA90BC736EB8345EA6F090394D2675E2DD1E0CEC5ED70EADAD937CA6CC54F1A48BA6BE6ED4985DC52360CD72D6C33AB6A67D91A22530A0F796FA8CD809D5DFD4EDA95D33C8A5BF1A724B9CB9248BFE875C054CB318444F00A1E1D5AE0EB39B04D9810FF639A4962C6AEB971DC01E12935F5E655204733465250384A304E454551473049535254493236534B415434365449424B32C0210032000100015180002201010000001480DFC0F48AB52BBF3D455EFE9DB569FFA77353DE0006200000000012C18C002E00010001518000B70032080200015180614AB61C61416B3499AF03636F6D0039BCA59EE3A308F2E9087C1E8096907E13DC44EEDB0CFE2EEF443EFA0A4F702AB5C4CA0D2C1CDD779DB4685A9027F45E5073CA551AB31444B75CEC4315AE0225F0BD619BAC5BC846C86CE225BCB15B69DEC9A3DE9C94DDC7804CF51C1DD5D32A0DBD260B09F11DADEF5A57A7668FF7AAC1CBF3221483E0280038402C89A7D2FE0AF362021389F5543435D599C7BCB190C4F621B4BCC27F1416BACA5489CEF18EC036001C00010002A30000102001486048020034000000000000000AC036000100010002A3000004D8EF220AC04F001C00010002A30000102001486048020032000000000000000AC04F000100010002A3000004D8EF200AC061001C00010002A30000102001486048020036000000000000000AC061000100010002A3000004D8EF240AC073001C00010002A30000102001486048020038000000000000000AC073000100010002A3000004D8EF260A0000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{1AB159AA-394B-49C5-B02C-8C5D01528454}",
"EventReceivedTime": "2021-09-16T20:11:37.587444-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.444257-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:4860:4802:32::a",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "www.youtube-nocookie.com.",
"QTYPE": "1",
"QXID": "30149",
"XID": "11340",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "53",
"PacketData": "0x2C4C000000010000000000010377777710796F75747562652D6E6F636F6F6B696503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{1AB159AA-394B-49C5-B02C-8C5D01528454}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.491934-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "216.239.36.10",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "ns-cloud-d1.googledomains.com.",
"QTYPE": "1",
"XID": "25707",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "74",
"PacketData": "0x646B840000010001000000010B6E732D636C6F75642D64310D676F6F676C65646F6D61696E7303636F6D0000010001C00C00010001000546000004D8EF206D0000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.492226-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "216.239.32.109",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.NET.",
"QTYPE": "28",
"QXID": "30064",
"XID": "51311",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "71",
"PacketData": "0xC86F000000010000000000010470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.492360-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2001:4860:4802:38::a",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "ns-cloud-d1.googledomains.com.",
"QTYPE": "1",
"XID": "54358",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "74",
"PacketData": "0xD456840000010001000000010B6E732D636C6F75642D64310D676F6F676C65646F6D61696E7303636F6D0000010001C00C00010001000546000004D8EF206D0000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.492538-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "216.239.32.109",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.NET.",
"QTYPE": "1",
"QXID": "53380",
"XID": "64578",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "60",
"PacketData": "0xFC42000000010000000000000470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370034E45540000010001",
"AdditionalInfo": ".",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.492655-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2001:4860:4802:32::a",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "www.youtube-nocookie.com.",
"QTYPE": "1",
"XID": "11340",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "311",
"PacketData": "0x2C4C84000001000F000000010377777710796F75747562652D6E6F636F6F6B696503636F6D0000010001C00C000500010001518000160A796F75747562652D7569016C06676F6F676C65C021C036000100010000012C00048EFABFEEC036000100010000012C00048EFB200EC036000100010000012C00048EFABE0EC036000100010000012C00048EFABE2EC036000100010000012C00048EFABE4EC036000100010000012C00048EFABE6EC036000100010000012C00048EFABE8EC036000100010000012C0004ACD9042EC036000100010000012C0004ACD9050EC036000100010000012C0004ACD904CEC036000100010000012C00048EFABF6EC036000100010000012C00048EFABF8EC036000100010000012C00048EFABFAEC036000100010000012C00048EFABFCE0000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{1AB159AA-394B-49C5-B02C-8C5D01528454}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:37.492853-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "youtube-ui.l.google.com.",
"QTYPE": "1",
"Port": "53765",
"XID": "30149",
"BufferSize": "42",
"PacketData": "0x75C5818000010001000000000377777710796F75747562652D6E6F636F6F6B696503636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.493035-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "www.youtube-nocookie.com.",
"QTYPE": "1",
"XID": "30149",
"DNSSEC": "0",
"RCODE": "0",
"Port": "53765",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "300",
"PacketData": "0x75C581800001000F000000000377777710796F75747562652D6E6F636F6F6B696503636F6D0000010001C00C000500010001518000160A796F75747562652D7569016C06676F6F676C65C021C036000100010000012C00048EFB200EC036000100010000012C00048EFABE0EC036000100010000012C00048EFABE2EC036000100010000012C00048EFABE4EC036000100010000012C00048EFABE6EC036000100010000012C00048EFABE8EC036000100010000012C0004ACD9042EC036000100010000012C0004ACD9050EC036000100010000012C0004ACD904CEC036000100010000012C00048EFABF6EC036000100010000012C00048EFABF8EC036000100010000012C00048EFABFAEC036000100010000012C00048EFABFCEC036000100010000012C00048EFABFEE",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "88",
"GUID": "{1AB159AA-394B-49C5-B02C-8C5D01528454}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.496395-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "restrict.youtube.com.",
"QTYPE": "1",
"XID": "13641",
"Port": "51365",
"BufferSize": "38",
"PacketData": "0x35490100000100000000000008726573747269637407796F757475626503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{877877C6-5E7E-462E-ADAD-ADEF78B97538}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.496574-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "216.239.32.10",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "restrict.youtube.com.",
"QTYPE": "1",
"QXID": "13641",
"XID": "42812",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "49",
"PacketData": "0xA73C0000000100000000000108726573747269637407796F757475626503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{877877C6-5E7E-462E-ADAD-ADEF78B97538}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.531549-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "216.239.32.109",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.NET.",
"QTYPE": "28",
"XID": "51311",
"RecursionDepth": "10",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "99",
"PacketData": "0xC86F840000010001000000010470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370034E455400001C0001C00C001C000100000708001026001901000038D700000000000000000000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.531667-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"XID": "21849",
"DNSSEC": "0",
"RCODE": "0",
"Port": "47055",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "165",
"PacketData": "0x5559818000010003000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001C00C000500010000003B001E0C646574656374706F7274616C0470726F64066D6F7A617773036E657400C036000500010000012B00290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C04FC060001C000100000707001026001901000038D70000000000000000",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "645",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.531810-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"XID": "30064",
"DNSSEC": "0",
"RCODE": "0",
"Port": "59937",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "165",
"PacketData": "0x7570818000010003000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001C00C000500010000003B001E0C646574656374706F7274616C0470726F64066D6F7A617773036E657400C036000500010000012B00290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C04FC060001C000100000707001026001901000038D70000000000000000",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "645",
"GUID": "{77E5BC84-6F69-4896-9B42-8F71AAD8C038}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.533084-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "216.239.32.109",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.NET.",
"QTYPE": "1",
"XID": "64578",
"RecursionDepth": "9",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "76",
"PacketData": "0xFC42840000010001000000000470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370034E45540000010001C00C00010001000007080004226BDD52",
"AdditionalInfo": ".",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.533172-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "4938",
"DNSSEC": "0",
"RCODE": "0",
"Port": "55126",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "153",
"PacketData": "0x134A818000010003000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001C00C000500010000003B001E0C646574656374706F7274616C0470726F64066D6F7A617773036E657400C036000500010000012B00290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C04FC06000010001000007070004226BDD52",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "648",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.533402-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "17503",
"DNSSEC": "0",
"RCODE": "0",
"Port": "47055",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "153",
"PacketData": "0x445F818000010003000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001C00C000500010000003B001E0C646574656374706F7274616C0470726F64066D6F7A617773036E657400C036000500010000012B00290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C04FC06000010001000007070004226BDD52",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "649",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.533446-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "53380",
"DNSSEC": "0",
"RCODE": "0",
"Port": "59937",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "153",
"PacketData": "0xD084818000010003000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001C00C000500010000003B001E0C646574656374706F7274616C0470726F64066D6F7A617773036E657400C036000500010000012B00290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C04FC06000010001000007070004226BDD52",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "649",
"GUID": "{D61F2043-1C2D-4B3E-94A4-EAF81616484A}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.533962-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "6284",
"Port": "34214",
"BufferSize": "42",
"PacketData": "0x188C010000010000000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{8F80B30F-556A-494C-93C8-40D3A5E1F125}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:37.534071-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.prod.mozaws.net.",
"QTYPE": "1",
"Port": "34214",
"XID": "6284",
"BufferSize": "42",
"PacketData": "0x188C818000010001000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:37.534085-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.net.",
"QTYPE": "1",
"Port": "34214",
"XID": "6284",
"BufferSize": "42",
"PacketData": "0x188C818000010002000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.534134-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "6284",
"DNSSEC": "0",
"RCODE": "0",
"Port": "34214",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "153",
"PacketData": "0x188C818000010003000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001C00C000500010000003B001E0C646574656374706F7274616C0470726F64066D6F7A617773036E657400C036000500010000012B00290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C04FC06000010001000007070004226BDD52",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{8F80B30F-556A-494C-93C8-40D3A5E1F125}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.534153-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"XID": "32904",
"Port": "34214",
"BufferSize": "42",
"PacketData": "0x8088010000010000000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{5DB3D4EC-E161-4D46-9774-6E7C36253E01}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:37.534206-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.prod.mozaws.net.",
"QTYPE": "28",
"Port": "34214",
"XID": "32904",
"BufferSize": "42",
"PacketData": "0x8088818000010001000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:37.534216-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.net.",
"QTYPE": "28",
"Port": "34214",
"XID": "32904",
"BufferSize": "42",
"PacketData": "0x8088818000010002000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.534252-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"XID": "32904",
"DNSSEC": "0",
"RCODE": "0",
"Port": "34214",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "165",
"PacketData": "0x8088818000010003000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001C00C000500010000003B001E0C646574656374706F7274616C0470726F64066D6F7A617773036E657400C036000500010000012B00290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C04FC060001C000100000707001026001901000038D70000000000000000",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{5DB3D4EC-E161-4D46-9774-6E7C36253E01}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.534706-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "3914",
"Port": "51831",
"BufferSize": "42",
"PacketData": "0x0F4A010000010000000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{29D8E93C-2944-4B52-A4B2-B4341733E864}",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:37.534820-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.prod.mozaws.net.",
"QTYPE": "1",
"Port": "51831",
"XID": "3914",
"BufferSize": "42",
"PacketData": "0x0F4A818000010001000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:37.534838-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.net.",
"QTYPE": "1",
"Port": "51831",
"XID": "3914",
"BufferSize": "42",
"PacketData": "0x0F4A818000010002000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:37.603012-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.534951-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "3914",
"DNSSEC": "0",
"RCODE": "0",
"Port": "51831",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "153",
"PacketData": "0x0F4A818000010003000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001C00C000500010000003B001E0C646574656374706F7274616C0470726F64066D6F7A617773036E657400C036000500010000012B00290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C04FC06000010001000007070004226BDD52",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{29D8E93C-2944-4B52-A4B2-B4341733E864}",
"EventReceivedTime": "2021-09-16T20:11:37.618696-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.535036-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"XID": "53582",
"Port": "51831",
"BufferSize": "42",
"PacketData": "0xD14E010000010000000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{9DE52E9D-C716-441F-9C8C-55675A88796F}",
"EventReceivedTime": "2021-09-16T20:11:37.884060-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:37.535054-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.prod.mozaws.net.",
"QTYPE": "28",
"Port": "51831",
"XID": "53582",
"BufferSize": "42",
"PacketData": "0xD14E818000010001000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:11:37.884060-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:37.535063-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.net.",
"QTYPE": "28",
"Port": "51831",
"XID": "53582",
"BufferSize": "42",
"PacketData": "0xD14E818000010002000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:11:37.884060-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.535103-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"XID": "53582",
"DNSSEC": "0",
"RCODE": "0",
"Port": "51831",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "165",
"PacketData": "0xD14E818000010003000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001C00C000500010000003B001E0C646574656374706F7274616C0470726F64066D6F7A617773036E657400C036000500010000012B00290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C04FC060001C000100000707001026001901000038D70000000000000000",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{9DE52E9D-C716-441F-9C8C-55675A88796F}",
"EventReceivedTime": "2021-09-16T20:11:37.884060-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.535739-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "216.239.32.10",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "restrict.youtube.com.",
"QTYPE": "1",
"XID": "42812",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "65",
"PacketData": "0xA73C8400000100010000000108726573747269637407796F757475626503636F6D0000010001C00C0001000100000E100004D8EF26780000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{877877C6-5E7E-462E-ADAD-ADEF78B97538}",
"EventReceivedTime": "2021-09-16T20:11:37.884060-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.535819-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "restrict.youtube.com.",
"QTYPE": "1",
"XID": "13641",
"DNSSEC": "0",
"RCODE": "0",
"Port": "51365",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "54",
"PacketData": "0x35498180000100010000000008726573747269637407796F757475626503636F6D0000010001C00C0001000100000E100004D8EF2678",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "39",
"GUID": "{877877C6-5E7E-462E-ADAD-ADEF78B97538}",
"EventReceivedTime": "2021-09-16T20:11:37.884060-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.538008-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "restrictmoderate.youtube.com.",
"QTYPE": "1",
"XID": "53469",
"Port": "59570",
"BufferSize": "46",
"PacketData": "0xD0DD010000010000000000001072657374726963746D6F64657261746507796F757475626503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{389D07F2-0084-40E2-A29A-AAF01B610A88}",
"EventReceivedTime": "2021-09-16T20:11:37.884060-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.538165-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:4860:4802:34::a",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "restrictmoderate.youtube.com.",
"QTYPE": "1",
"QXID": "53469",
"XID": "53460",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "57",
"PacketData": "0xD0D4000000010000000000011072657374726963746D6F64657261746507796F757475626503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{389D07F2-0084-40E2-A29A-AAF01B610A88}",
"EventReceivedTime": "2021-09-16T20:11:37.884060-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.569461-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2001:4860:4802:34::a",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "restrictmoderate.youtube.com.",
"QTYPE": "1",
"XID": "53460",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "73",
"PacketData": "0xD0D4840000010001000000011072657374726963746D6F64657261746507796F757475626503636F6D0000010001C00C0001000100000E100004D8EF26770000290200000080000000",
"AdditionalInfo": ".",
"GUID": "{389D07F2-0084-40E2-A29A-AAF01B610A88}",
"EventReceivedTime": "2021-09-16T20:11:37.884060-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.569598-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "restrictmoderate.youtube.com.",
"QTYPE": "1",
"XID": "53469",
"DNSSEC": "0",
"RCODE": "0",
"Port": "59570",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "62",
"PacketData": "0xD0DD818000010001000000001072657374726963746D6F64657261746507796F757475626503636F6D0000010001C00C0001000100000E100004D8EF2677",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "32",
"GUID": "{389D07F2-0084-40E2-A29A-AAF01B610A88}",
"EventReceivedTime": "2021-09-16T20:11:37.884060-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.571686-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "sitereview.zscaler.com.",
"QTYPE": "1",
"XID": "14688",
"Port": "59966",
"BufferSize": "40",
"PacketData": "0x3960010000010000000000000A73697465726576696577077A7363616C657203636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{D1646174-EA78-45DB-80E1-1129172E1262}",
"EventReceivedTime": "2021-09-16T20:11:37.884060-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.571812-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:503:eea3::30",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "sitereview.zscaler.com.",
"QTYPE": "1",
"QXID": "14688",
"XID": "62342",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "51",
"PacketData": "0xF386000000010000000000010A73697465726576696577077A7363616C657203636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{D1646174-EA78-45DB-80E1-1129172E1262}",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.575223-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "29589",
"Port": "44124",
"BufferSize": "29",
"PacketData": "0x739501000001000000000000076D6F7A696C6C61036F72670000010001",
"AdditionalInfo": ".",
"GUID": "{D9B7A248-4343-45A4-B8F9-D7D765E40254}",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.575282-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "29589",
"DNSSEC": "0",
"RCODE": "0",
"Port": "44124",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "77",
"PacketData": "0x739581800001000300000000076D6F7A696C6C61036F72670000010001C00C0001000100000E0F00042CEC301FC00C0001000100000E0F00042CEC485DC00C0001000100000E0F00042CEBF69B",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{D9B7A248-4343-45A4-B8F9-D7D765E40254}",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.575293-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.org.",
"QTYPE": "28",
"XID": "35817",
"Port": "44124",
"BufferSize": "29",
"PacketData": "0x8BE901000001000000000000076D6F7A696C6C61036F726700001C0001",
"AdditionalInfo": ".",
"GUID": "{D319D3AB-49F2-4508-9EC0-DF8C165B52C2}",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.575310-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "28",
"XID": "35817",
"DNSSEC": "0",
"RCODE": "0",
"Port": "44124",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "109",
"PacketData": "0x8BE981800001000000010000076D6F7A696C6C61036F726700001C0001C00C000600010000003B004409696E666F626C6F78310770726976617465046D646331076D6F7A696C6C6103636F6D000973797361646D696E73C00C78581ECA000000B4000000B4001275000000003C",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{D319D3AB-49F2-4508-9EC0-DF8C165B52C2}",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.575322-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "47290",
"Port": "59036",
"BufferSize": "42",
"PacketData": "0xB8BA010000010000000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{AA9A060F-A5B6-42E8-A8C9-623E6391E9C5}",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:37.575331-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.prod.mozaws.net.",
"QTYPE": "1",
"Port": "59036",
"XID": "47290",
"BufferSize": "42",
"PacketData": "0xB8BA818000010001000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:37.575341-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.net.",
"QTYPE": "1",
"Port": "59036",
"XID": "47290",
"BufferSize": "42",
"PacketData": "0xB8BA818000010002000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.575468-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "47290",
"DNSSEC": "0",
"RCODE": "0",
"Port": "59036",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "153",
"PacketData": "0xB8BA818000010003000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001C00C000500010000003B001E0C646574656374706F7274616C0470726F64066D6F7A617773036E657400C036000500010000012B00290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C04FC06000010001000007070004226BDD52",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{AA9A060F-A5B6-42E8-A8C9-623E6391E9C5}",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.575487-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"XID": "7867",
"Port": "59036",
"BufferSize": "42",
"PacketData": "0x1EBB010000010000000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{90F2128B-23B3-422B-BB94-F00FE40E38AB}",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:37.575625-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.prod.mozaws.net.",
"QTYPE": "28",
"Port": "59036",
"XID": "7867",
"BufferSize": "42",
"PacketData": "0x1EBB818000010001000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:37.575635-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.net.",
"QTYPE": "28",
"Port": "59036",
"XID": "7867",
"BufferSize": "42",
"PacketData": "0x1EBB818000010002000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.575660-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"XID": "7867",
"DNSSEC": "0",
"RCODE": "0",
"Port": "59036",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "165",
"PacketData": "0x1EBB818000010003000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001C00C000500010000003B001E0C646574656374706F7274616C0470726F64066D6F7A617773036E657400C036000500010000012B00290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C04FC060001C000100000707001026001901000038D70000000000000000",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{90F2128B-23B3-422B-BB94-F00FE40E38AB}",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.575688-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "8341",
"Port": "40558",
"BufferSize": "42",
"PacketData": "0x2095010000010000000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{9A2B153E-4681-4E6D-86A4-2A2ACECAC6D2}",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:37.575695-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.prod.mozaws.net.",
"QTYPE": "1",
"Port": "40558",
"XID": "8341",
"BufferSize": "42",
"PacketData": "0x2095818000010001000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:37.575699-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.net.",
"QTYPE": "1",
"Port": "40558",
"XID": "8341",
"BufferSize": "42",
"PacketData": "0x2095818000010002000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.575719-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "8341",
"DNSSEC": "0",
"RCODE": "0",
"Port": "40558",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "153",
"PacketData": "0x2095818000010003000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001C00C000500010000003B001E0C646574656374706F7274616C0470726F64066D6F7A617773036E657400C036000500010000012B00290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C04FC06000010001000007070004226BDD52",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{9A2B153E-4681-4E6D-86A4-2A2ACECAC6D2}",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.575728-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"XID": "42135",
"Port": "40558",
"BufferSize": "42",
"PacketData": "0xA497010000010000000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{AB256D51-A238-470A-BDC8-BD6178AC8823}",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:37.575769-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.prod.mozaws.net.",
"QTYPE": "28",
"Port": "40558",
"XID": "42135",
"BufferSize": "42",
"PacketData": "0xA497818000010001000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:37.575774-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.net.",
"QTYPE": "28",
"Port": "40558",
"XID": "42135",
"BufferSize": "42",
"PacketData": "0xA497818000010002000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.575922-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"XID": "42135",
"DNSSEC": "0",
"RCODE": "0",
"Port": "40558",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "165",
"PacketData": "0xA497818000010003000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001C00C000500010000003B001E0C646574656374706F7274616C0470726F64066D6F7A617773036E657400C036000500010000012B00290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C04FC060001C000100000707001026001901000038D70000000000000000",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{AB256D51-A238-470A-BDC8-BD6178AC8823}",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.597176-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2001:503:eea3::30",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "sitereview.zscaler.com.",
"QTYPE": "1",
"XID": "62342",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "990",
"PacketData": "0xF386800000010000000A000D0A73697465726576696577077A7363616C657203636F6D0000010001C017000200010002A3000013046E7331300B646E736D61646565617379C01FC017000200010002A3000007046E733131C039C017000200010002A3000007046E733132C039C017000200010002A3000007046E733133C039C017000200010002A3000007046E733134C039C017000200010002A3000007046E733135C03920434B30504F4A4D473837344C4A5245463745464E38343330515649543842534DC01F003200010001518000230101000000146501A0C25720EE156F6C4E39636B3ADA0312D92A000722000000000290C0A6002E00010001518000B7003208020001518061495E696140138199AF03636F6D0073D49C969AD112E1F52C00137560047BE57A0C63D266917DED0C9A551F1942FF5A835C70F318B7C1EC6363C09CA90BC736EB8345EA6F090394D2675E2DD1E0CEC5ED70EADAD937CA6CC54F1A48BA6BE6ED4985DC52360CD72D6C33AB6A67D91A22530A0F796FA8CD809D5DFD4EDA95D33C8A5BF1A724B9CB9248BFE875C054CB318444F00A1E1D5AE0EB39B04D9810FF639A4962C6AEB971DC01E12935F5E655204A4A5451475437354151313741304C4A434651444B475447474E383742413846C01F003200010001518000220101000000149CFBAAABF9BE01B5F36F0440BDB26F2C773FED2F0006200000000012C1B9002E00010001518000B70032080200015180614C0B9E6142C0B699AF03636F6D0061D3C833C3C8409D60F7F0525191B10723BF4BFDE8CB157B0388AA3AAC74936B94CCF04BDCE9457079E99A7C0908178310A3A63EDB6C115589F62821C4D3D6FF3E54BDD25E694FF7E50F04103B44006CBA8FD3226796D79F1FB3E1F31C986F5765B0F5CC246D42E1BAF731B374F79F2DD005C4AF0D0A6147D47B393022B7C3E0E2C76615E72B436320AF42A341BD8223C53FA71EA14012AC3A1C67190F05582EC034000100010002A3000004D05E9404C034001C00010002A300001026001800001000000000000000000001C053000100010002A3000004D0507C04C053001C00010002A300001026001801001100000000000000000001C066000100010002A3000004D0507E04C066001C00010002A300001026001802001200000000000000000001C079000100010002A3000004D0507D04C079001C00010002A300001026001801001300000000000000000001C08C000100010002A3000004D0507F04C08C001C00010002A300001026001802001400000000000000000001C09F000100010002A3000004D05E9504C09F001C00010002A3000010260018000015000000000000000000010000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{D1646174-EA78-45DB-80E1-1129172E1262}",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.597333-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "208.80.126.4",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "sitereview.zscaler.com.",
"QTYPE": "1",
"QXID": "14688",
"XID": "7951",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "51",
"PacketData": "0x1F0F000000010000000000010A73697465726576696577077A7363616C657203636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{D1646174-EA78-45DB-80E1-1129172E1262}",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.616691-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "208.80.126.4",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "sitereview.zscaler.com.",
"QTYPE": "1",
"XID": "7951",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "67",
"PacketData": "0x1F0F840000010001000000010A73697465726576696577077A7363616C657203636F6D0000010001C00C000100010000012C0004C7A894560000290500000080000000",
"AdditionalInfo": ".",
"GUID": "{D1646174-EA78-45DB-80E1-1129172E1262}",
"EventReceivedTime": "2021-09-16T20:11:37.902150-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.616749-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "sitereview.zscaler.com.",
"QTYPE": "1",
"XID": "14688",
"DNSSEC": "0",
"RCODE": "0",
"Port": "59966",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "56",
"PacketData": "0x3960818000010001000000000A73697465726576696577077A7363616C657203636F6D0000010001C00C000100010000012C0004C7A89456",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "45",
"GUID": "{D1646174-EA78-45DB-80E1-1129172E1262}",
"EventReceivedTime": "2021-09-16T20:11:37.915297-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.618263-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "use-application-dns.net.",
"QTYPE": "1",
"XID": "50802",
"Port": "50536",
"BufferSize": "41",
"PacketData": "0xC67201000001000000000000137573652D6170706C69636174696F6E2D646E73036E65740000010001",
"AdditionalInfo": ".",
"GUID": "{5B339A76-DF68-449A-BE44-858702A159C7}",
"EventReceivedTime": "2021-09-16T20:11:37.915297-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.618387-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:503:d2d::30",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "use-application-dns.net.",
"QTYPE": "1",
"QXID": "50802",
"XID": "37855",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "52",
"PacketData": "0x93DF00000001000000000001137573652D6170706C69636174696F6E2D646E73036E657400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{5B339A76-DF68-449A-BE44-858702A159C7}",
"EventReceivedTime": "2021-09-16T20:11:37.915297-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.658044-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2001:503:d2d::30",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "use-application-dns.net.",
"QTYPE": "1",
"XID": "37855",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "783",
"PacketData": "0x93DF80000001000000080006137573652D6170706C69636174696F6E2D646E73036E65740000010001C00C000200010002A300000F076E73312D32343004616B616DC020C00C000200010002A3000009066E73372D3636C03DC00C000200010002A3000009066E73352D3635C03DC00C000200010002A3000009066E73342D3634C03D20413152543938425335514743394E4649353153394843493437554C4A47364A48C020003200010001518000230101000000145077EF3DF3A33A2D14993A1E874E1344D743C90B000722000000000290C083002E00010001518000B700320802000151806149717C61402694FF62036E657400B6321648DFB0D93CE5875A4612080D3092669F8C1B7E7BA200F78095D14E072097269DDAB573C06E9DE1D637095BD0561D096122F515E3A42C71E1C545889FC3BA4016371DAC852CC727732B22E34129A97E424D82E9531B20698A87B307DCC9FC6FF6E3E3DA999E66D048E1E7B01688586CCBCA11D3604AD67C06119723641FAAEE7F8F982A0D36D6B39CC34CA9005DAB99EAF51A2B4D183DCC4C9C234EAA97203533475131454B394637535337354945443933523452464C4334424151394448C0200032000100015180002201010000001428E1CC68D0D76BBA3DE60AF8E9D547593596BAC60006200000000012C196002E00010001518000B70032080200015180614970E4614025FCFF62036E657400A1EA4D2DB2E1F7F903608BE5E3E04B8202BD41765B3D4F7A1F392E082D4CF6655F38F509D977D748932333B7499F48F81475166FB78E32CB7BB5CA26AFD7A227AE98758BF3503B7E37D546B586CD30AF88023340BAE4FB945935C1D029B77C6874AF6CD24B58BADDEDE8B788B5EC83399B3CBEBED9D5563EB75CA6605E1D6462F09057682567C4B83AF2480A00274D15C0052D0A1181D06D16F9EFF632E48A26C035000100010002A3000004C16C5BF0C035001C00010002A3000010260014010002000000000000000000F0C050000100010002A300000460073142C065000100010002A3000004B855F841C07A000100010002A300000454358B400000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{5B339A76-DF68-449A-BE44-858702A159C7}",
"EventReceivedTime": "2021-09-16T20:11:37.915297-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.658261-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "184.85.248.65",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "use-application-dns.net.",
"QTYPE": "1",
"QXID": "50802",
"XID": "6932",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "52",
"PacketData": "0x1B1400000001000000000001137573652D6170706C69636174696F6E2D646E73036E657400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{5B339A76-DF68-449A-BE44-858702A159C7}",
"EventReceivedTime": "2021-09-16T20:11:37.915297-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.693665-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "184.85.248.65",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "use-application-dns.net.",
"QTYPE": "1",
"XID": "6932",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "100",
"PacketData": "0x1B1484000001000300000001137573652D6170706C69636174696F6E2D646E73036E65740000010001C00C000100010000025800042CEC485DC00C000100010000025800042CEC301FC00C000100010000025800042CEBF69B0000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{5B339A76-DF68-449A-BE44-858702A159C7}",
"EventReceivedTime": "2021-09-16T20:11:37.915297-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.693724-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "use-application-dns.net.",
"QTYPE": "1",
"XID": "50802",
"DNSSEC": "0",
"RCODE": "0",
"Port": "50536",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "89",
"PacketData": "0xC67281800001000300000000137573652D6170706C69636174696F6E2D646E73036E65740000010001C00C000100010000025800042CEC485DC00C000100010000025800042CEC301FC00C000100010000025800042CEBF69B",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "76",
"GUID": "{5B339A76-DF68-449A-BE44-858702A159C7}",
"EventReceivedTime": "2021-09-16T20:11:37.915297-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.737591-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "doh.test.",
"QTYPE": "1",
"XID": "26997",
"Port": "53330",
"BufferSize": "26",
"PacketData": "0x69750100000100000000000003646F6804746573740000010001",
"AdditionalInfo": ".",
"GUID": "{8CAF32E1-A4F8-4707-A36B-6A87FBB1BF84}",
"EventReceivedTime": "2021-09-16T20:11:37.915297-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:37.737760-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "192.112.36.4",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "doh.test.",
"QTYPE": "1",
"QXID": "26997",
"XID": "19270",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "37",
"PacketData": "0x4B460000000100000000000103646F68047465737400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{8CAF32E1-A4F8-4707-A36B-6A87FBB1BF84}",
"EventReceivedTime": "2021-09-16T20:11:37.915297-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:37.767780-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33795",
"TCP": "0",
"Source": "192.112.36.4",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "doh.test.",
"QTYPE": "1",
"XID": "19270",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "1028",
"PacketData": "0x4B468403000100000006000103646F6804746573740000010001000006000100015180004001610C726F6F742D73657276657273036E657400056E73746C640C766572697369676E2D67727303636F6D0078776911000007080000038400093A800001518000002E0001000151800113000608000001518061549B9061436A0068D6000FCA9528A96F69885F9B4A7A96926527B4EC6020DC1879BD5441FAB53EACC88DCF049369C5304D2CAEC2E78F64604FC8D4BEABB4CEE8E335E081AB943144C8DE6260721CC1A8A0DAD654D24D6DDB2A8C5B484EDEE2892B9CA535A3CA21348E74ABCD10B0CE2A94C80BF31E952DD9D666019721F1E098C1BCE3950AAF16A9AFDBAF2ABF082C92713BD2164CD47DFAC7988A901282C003AB94B932F5879F02F14BB4848F25ACC76C636EF043A248AA51B43A96032BFFBA0023A32688DCD1C8283AE5DC39D6EDE17665A897EEB5367F76C037D143148E22288C4A3BCA9D1502F892A65B8165877829CA3EA520F7C63484EA8009CA2DE424212ED2C8EB8315AAFFF000002F000100015180000E036161610000072200000000038000002E0001000151800113002F08000001518061549B9061436A0068D600021E29406258E17E46E40A3DB4CA1FD0ECB6014E01C7A2046E4ADE9573613A1AE8FC03ABC16ED91F6041D462F1C5F3C6BE491182D2E7EC80F32674D2C5E643936BD01C3EE71A743818254340F6E1A9F8D03BF5D1328674D77BD1460F70DB2724B382C1CB3373BD9371AEA1BDDE1AD69B02FA01F3F2FA47088DA69B3C0D684817E55E1FFE0462D7A943975E8030B841D88601C5EB93F3968E7A9C3D7AE8FC57C3E3B2D7E01F5220A1E91046B118CC55B384D02E6315BB051712A1B9A2643E7B25805A844BD6F13B1F319624D8AB9DB6009B218E4AA0AFA660745529601009F219D964C8139C48EBFD597B35E11615734BD7179B223A6F4D903723E2F5B2AF3F900674656E6E697300002F000100015180000E0474657661000006200000000013C2BA002E0001000151800113002F08010001518061549B9061436A0068D6009F6824B87A7AEA2CC0FC864EABEA8DD0D62076565650C33D1FF19666D416FBCC24F0AA85DC476D2D81EF78CCD42A55452205DD7A0A3B6B465C59B50DF677624AE42B5A26F729F6C1FF5399CD7108AED7FB3371F5BC1D786FEE6261CD2984C67BFBCEBDE3091AF6E68338F985F762257E4EDF8A3D14B925FDA91FE4EE9CF56604C89A36E4FA84D3514C08D2A0C08CBF25119C0C2B7FFB4FDD02B9BEE3E0A30D09AA03C03044FF9BDD97E434C45F1DEB4EFD78C55AD69DF874C7A809B502FA37566985FEB4983B2A8F8C1A0B2BC67D223D7B61B184D423ED42363AD3772F0992E0DF156B0136750719D0A13D2EFDCE907569A29E23245FB60B5783D41DB97D51D900002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{8CAF32E1-A4F8-4707-A36B-6A87FBB1BF84}",
"EventReceivedTime": "2021-09-16T20:11:37.915297-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.767994-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33155",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "doh.test.",
"QTYPE": "1",
"XID": "26997",
"DNSSEC": "0",
"RCODE": "3",
"Port": "53330",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "101",
"PacketData": "0x69758183000100000001000003646F6804746573740000010001000006000100000384004001610C726F6F742D73657276657273036E657400056E73746C640C766572697369676E2D67727303636F6D0078776911000007080000038400093A8000015180",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "30",
"GUID": "{8CAF32E1-A4F8-4707-A36B-6A87FBB1BF84}",
"EventReceivedTime": "2021-09-16T20:11:37.915297-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:37.768124-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "doh.test.example.com.",
"QTYPE": "1",
"XID": "54898",
"Port": "51546",
"BufferSize": "38",
"PacketData": "0xD6720100000100000000000003646F680474657374076578616D706C6503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{6A0459C7-64EF-4362-9258-01CDF84C2053}",
"EventReceivedTime": "2021-09-16T20:11:37.915297-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:37.768165-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "1",
"AD": "0",
"QNAME": "doh.test.example.com.",
"QTYPE": "1",
"XID": "54898",
"DNSSEC": "0",
"RCODE": "3",
"Port": "51546",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "110",
"PacketData": "0xD6728583000100000001000003646F680474657374076578616D706C6503636F6D0000010001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001500000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{6A0459C7-64EF-4362-9258-01CDF84C2053}",
"EventReceivedTime": "2021-09-16T20:11:37.915297-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.255757-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "1",
"XID": "35615",
"Port": "37081",
"BufferSize": "44",
"PacketData": "0x8B1F01000001000000000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{3F8D5309-6B93-410D-9882-8FA1B682F51C}",
"EventReceivedTime": "2021-09-16T20:11:40.261540-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.255883-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "1",
"XID": "35615",
"DNSSEC": "0",
"RCODE": "0",
"Port": "37081",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "76",
"PacketData": "0x8B1F81800001000200000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D0000010001C00C00010001000000F400046810F9F9C00C00010001000000F400046810F8F9",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{3F8D5309-6B93-410D-9882-8FA1B682F51C}",
"EventReceivedTime": "2021-09-16T20:11:40.261540-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.255914-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "28",
"XID": "41239",
"Port": "37081",
"BufferSize": "44",
"PacketData": "0xA11701000001000000000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{83A5AC60-0260-4131-B195-331649B12912}",
"EventReceivedTime": "2021-09-16T20:11:40.274732-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.257007-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "28",
"XID": "41239",
"DNSSEC": "0",
"RCODE": "0",
"Port": "37081",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "100",
"PacketData": "0xA11781800001000200000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D00001C0001C00C001C0001000000F400102606470000000000000000006810F8F9C00C001C0001000000F400102606470000000000000000006810F9F9",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{83A5AC60-0260-4131-B195-331649B12912}",
"EventReceivedTime": "2021-09-16T20:11:40.274732-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.454221-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "22343",
"Port": "55630",
"BufferSize": "29",
"PacketData": "0x574701000001000000000000076D6F7A696C6C61036F72670000010001",
"AdditionalInfo": ".",
"GUID": "{EB25A0D2-95A9-4DE4-84A3-EB5FBE414EEE}",
"EventReceivedTime": "2021-09-16T20:11:40.274732-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.454324-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "22343",
"DNSSEC": "0",
"RCODE": "0",
"Port": "55630",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "77",
"PacketData": "0x574781800001000300000000076D6F7A696C6C61036F72670000010001C00C0001000100000E0D00042CEC485DC00C0001000100000E0D00042CEBF69BC00C0001000100000E0D00042CEC301F",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{EB25A0D2-95A9-4DE4-84A3-EB5FBE414EEE}",
"EventReceivedTime": "2021-09-16T20:11:40.274732-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.454343-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.org.",
"QTYPE": "28",
"XID": "28738",
"Port": "55630",
"BufferSize": "29",
"PacketData": "0x704201000001000000000000076D6F7A696C6C61036F726700001C0001",
"AdditionalInfo": ".",
"GUID": "{FA180806-EC69-4A00-9C0E-70E79B198EBF}",
"EventReceivedTime": "2021-09-16T20:11:40.274732-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.454661-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "28",
"XID": "28738",
"DNSSEC": "0",
"RCODE": "0",
"Port": "55630",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "109",
"PacketData": "0x704281800001000000010000076D6F7A696C6C61036F726700001C0001C00C0006000100000039004409696E666F626C6F78310770726976617465046D646331076D6F7A696C6C6103636F6D000973797361646D696E73C00C78581ECA000000B4000000B4001275000000003C",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{FA180806-EC69-4A00-9C0E-70E79B198EBF}",
"EventReceivedTime": "2021-09-16T20:11:40.274732-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.454693-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "9149",
"Port": "34383",
"BufferSize": "42",
"PacketData": "0x23BD010000010000000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{504CBA7B-108D-40B6-A2CC-13895F59E3B1}",
"EventReceivedTime": "2021-09-16T20:11:40.274732-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:39.454732-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.prod.mozaws.net.",
"QTYPE": "1",
"Port": "34383",
"XID": "9149",
"BufferSize": "42",
"PacketData": "0x23BD818000010001000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:40.274732-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:39.454758-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.net.",
"QTYPE": "1",
"Port": "34383",
"XID": "9149",
"BufferSize": "42",
"PacketData": "0x23BD818000010002000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:40.274732-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.454859-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "9149",
"DNSSEC": "0",
"RCODE": "0",
"Port": "34383",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "153",
"PacketData": "0x23BD818000010003000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001C00C0005000100000039001E0C646574656374706F7274616C0470726F64066D6F7A617773036E657400C036000500010000012900290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C04FC06000010001000007050004226BDD52",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{504CBA7B-108D-40B6-A2CC-13895F59E3B1}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.454921-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"XID": "1202",
"Port": "34383",
"BufferSize": "42",
"PacketData": "0x04B2010000010000000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{615FBD14-360E-4D01-9401-AFD12A559B10}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:39.454963-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.prod.mozaws.net.",
"QTYPE": "28",
"Port": "34383",
"XID": "1202",
"BufferSize": "42",
"PacketData": "0x04B2818000010001000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:39.454987-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.net.",
"QTYPE": "28",
"Port": "34383",
"XID": "1202",
"BufferSize": "42",
"PacketData": "0x04B2818000010002000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.456400-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"XID": "1202",
"DNSSEC": "0",
"RCODE": "0",
"Port": "34383",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "165",
"PacketData": "0x04B2818000010003000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001C00C0005000100000039001E0C646574656374706F7274616C0470726F64066D6F7A617773036E657400C036000500010000012900290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C04FC060001C000100000705001026001901000038D70000000000000000",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{615FBD14-360E-4D01-9401-AFD12A559B10}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.456467-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "31383",
"Port": "58712",
"BufferSize": "29",
"PacketData": "0x7A9701000001000000000000076D6F7A696C6C61036F72670000010001",
"AdditionalInfo": ".",
"GUID": "{2431635F-FAA0-47D4-804E-3C7E334F171B}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.456555-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "31383",
"DNSSEC": "0",
"RCODE": "0",
"Port": "58712",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "77",
"PacketData": "0x7A9781800001000300000000076D6F7A696C6C61036F72670000010001C00C0001000100000E0D00042CEBF69BC00C0001000100000E0D00042CEC301FC00C0001000100000E0D00042CEC485D",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{2431635F-FAA0-47D4-804E-3C7E334F171B}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.456567-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.org.",
"QTYPE": "28",
"XID": "59035",
"Port": "58712",
"BufferSize": "29",
"PacketData": "0xE69B01000001000000000000076D6F7A696C6C61036F726700001C0001",
"AdditionalInfo": ".",
"GUID": "{C917D7BA-CC74-4AEE-A946-5BD34DAD7F52}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.456606-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "28",
"XID": "59035",
"DNSSEC": "0",
"RCODE": "0",
"Port": "58712",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "109",
"PacketData": "0xE69B81800001000000010000076D6F7A696C6C61036F726700001C0001C00C0006000100000039004409696E666F626C6F78310770726976617465046D646331076D6F7A696C6C6103636F6D000973797361646D696E73C00C78581ECA000000B4000000B4001275000000003C",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{C917D7BA-CC74-4AEE-A946-5BD34DAD7F52}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.456624-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "1476",
"Port": "56243",
"BufferSize": "42",
"PacketData": "0x05C4010000010000000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{4E0FFA02-192B-493E-9A65-54C55F44927F}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:39.456786-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.prod.mozaws.net.",
"QTYPE": "1",
"Port": "56243",
"XID": "1476",
"BufferSize": "42",
"PacketData": "0x05C4818000010001000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:39.456811-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.net.",
"QTYPE": "1",
"Port": "56243",
"XID": "1476",
"BufferSize": "42",
"PacketData": "0x05C4818000010002000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.456884-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "1476",
"DNSSEC": "0",
"RCODE": "0",
"Port": "56243",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "153",
"PacketData": "0x05C4818000010003000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001C00C0005000100000039001E0C646574656374706F7274616C0470726F64066D6F7A617773036E657400C036000500010000012900290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C04FC06000010001000007050004226BDD52",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{4E0FFA02-192B-493E-9A65-54C55F44927F}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.456915-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"XID": "18376",
"Port": "56243",
"BufferSize": "42",
"PacketData": "0x47C8010000010000000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{70ABAECA-D095-434E-8D05-456462DAECE4}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:39.456935-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.prod.mozaws.net.",
"QTYPE": "28",
"Port": "56243",
"XID": "18376",
"BufferSize": "42",
"PacketData": "0x47C8818000010001000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:39.456952-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.net.",
"QTYPE": "28",
"Port": "56243",
"XID": "18376",
"BufferSize": "42",
"PacketData": "0x47C8818000010002000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.457403-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"XID": "18376",
"DNSSEC": "0",
"RCODE": "0",
"Port": "56243",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "165",
"PacketData": "0x47C8818000010003000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001C00C0005000100000039001E0C646574656374706F7274616C0470726F64066D6F7A617773036E657400C036000500010000012900290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C04FC060001C000100000705001026001901000038D70000000000000000",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{70ABAECA-D095-434E-8D05-456462DAECE4}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.457585-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "65384",
"Port": "38632",
"BufferSize": "29",
"PacketData": "0xFF6801000001000000000000076D6F7A696C6C61036F72670000010001",
"AdditionalInfo": ".",
"GUID": "{EE993C00-C3B7-405D-8B2F-C30BBAF0BF2D}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.457662-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "65384",
"DNSSEC": "0",
"RCODE": "0",
"Port": "38632",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "77",
"PacketData": "0xFF6881800001000300000000076D6F7A696C6C61036F72670000010001C00C0001000100000E0D00042CEC301FC00C0001000100000E0D00042CEC485DC00C0001000100000E0D00042CEBF69B",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{EE993C00-C3B7-405D-8B2F-C30BBAF0BF2D}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.457680-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.org.",
"QTYPE": "28",
"XID": "23916",
"Port": "38632",
"BufferSize": "29",
"PacketData": "0x5D6C01000001000000000000076D6F7A696C6C61036F726700001C0001",
"AdditionalInfo": ".",
"GUID": "{57DE79DD-A57C-4B54-BF92-7F45E9BC6B5C}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.457719-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "28",
"XID": "23916",
"DNSSEC": "0",
"RCODE": "0",
"Port": "38632",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "109",
"PacketData": "0x5D6C81800001000000010000076D6F7A696C6C61036F726700001C0001C00C0006000100000039004409696E666F626C6F78310770726976617465046D646331076D6F7A696C6C6103636F6D000973797361646D696E73C00C78581ECA000000B4000000B4001275000000003C",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{57DE79DD-A57C-4B54-BF92-7F45E9BC6B5C}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.466461-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "www.google.com.",
"QTYPE": "1",
"XID": "63392",
"Port": "51226",
"BufferSize": "32",
"PacketData": "0xF7A0010000010000000000000377777706676F6F676C6503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{D1503B40-F0E6-460A-8BB0-7414955BD4B6}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.466548-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "www.google.com.",
"QTYPE": "1",
"XID": "63392",
"DNSSEC": "0",
"RCODE": "0",
"Port": "51226",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "48",
"PacketData": "0xF7A0818000010001000000000377777706676F6F676C6503636F6D0000010001C00C000100010000012A00048EFABE04",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{D1503B40-F0E6-460A-8BB0-7414955BD4B6}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.468974-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "google.com.",
"QTYPE": "1",
"XID": "36812",
"Port": "39035",
"BufferSize": "28",
"PacketData": "0x8FCC0100000100000000000006676F6F676C6503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{4FE4D4AC-C1AB-4BAB-BD5E-C3C865E54EBE}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.469002-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "google.com.",
"QTYPE": "1",
"XID": "36812",
"DNSSEC": "0",
"RCODE": "0",
"Port": "39035",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "44",
"PacketData": "0x8FCC8180000100010000000006676F6F676C6503636F6D0000010001C00C000100010000012A0004ACD9050E",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{4FE4D4AC-C1AB-4BAB-BD5E-C3C865E54EBE}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.471555-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "forcesafesearch.google.com.",
"QTYPE": "1",
"XID": "3461",
"Port": "34304",
"BufferSize": "44",
"PacketData": "0x0D85010000010000000000000F666F7263657361666573656172636806676F6F676C6503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{C8ED1453-D14A-4EDC-8AEC-9EE7E0C74EF6}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.471875-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "forcesafesearch.google.com.",
"QTYPE": "1",
"XID": "3461",
"DNSSEC": "0",
"RCODE": "0",
"Port": "34304",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "60",
"PacketData": "0x0D85818000010001000000000F666F7263657361666573656172636806676F6F676C6503636F6D0000010001C00C000100010001517E0004D8EF2678",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{C8ED1453-D14A-4EDC-8AEC-9EE7E0C74EF6}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.474671-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "www.youtube.com.",
"QTYPE": "1",
"XID": "57432",
"Port": "55633",
"BufferSize": "33",
"PacketData": "0xE058010000010000000000000377777707796F757475626503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{8C81AA4E-634B-4F09-8ABC-6AB5FB7443F5}",
"EventReceivedTime": "2021-09-16T20:11:40.290719-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:39.474703-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "youtube-ui.l.google.com.",
"QTYPE": "1",
"Port": "55633",
"XID": "57432",
"BufferSize": "33",
"PacketData": "0xE058818000010001000000000377777707796F757475626503636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:40.306845-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.474782-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "www.youtube.com.",
"QTYPE": "1",
"XID": "57432",
"DNSSEC": "0",
"RCODE": "0",
"Port": "55633",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "291",
"PacketData": "0xE05881800001000F000000000377777707796F757475626503636F6D0000010001C00C000500010001517E00160A796F75747562652D7569016C06676F6F676C65C018C02D000100010000012A00048EFABE0EC02D000100010000012A00048EFABE2EC02D000100010000012A00048EFABE4EC02D000100010000012A00048EFABE6EC02D000100010000012A00048EFABE8EC02D000100010000012A0004ACD9042EC02D000100010000012A0004ACD9050EC02D000100010000012A0004ACD904CEC02D000100010000012A00048EFABF6EC02D000100010000012A00048EFABF8EC02D000100010000012A00048EFABFAEC02D000100010000012A00048EFABFCEC02D000100010000012A00048EFABFEEC02D000100010000012A00048EFB200E",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{8C81AA4E-634B-4F09-8ABC-6AB5FB7443F5}",
"EventReceivedTime": "2021-09-16T20:11:40.306845-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.476127-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "17788",
"Port": "46808",
"BufferSize": "29",
"PacketData": "0x457C01000001000000000000076D6F7A696C6C61036F72670000010001",
"AdditionalInfo": ".",
"GUID": "{3BA6EABE-30E0-4892-932F-41957D97B5EC}",
"EventReceivedTime": "2021-09-16T20:11:40.306845-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.476215-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "17788",
"DNSSEC": "0",
"RCODE": "0",
"Port": "46808",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "77",
"PacketData": "0x457C81800001000300000000076D6F7A696C6C61036F72670000010001C00C0001000100000E0D00042CEC485DC00C0001000100000E0D00042CEBF69BC00C0001000100000E0D00042CEC301F",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{3BA6EABE-30E0-4892-932F-41957D97B5EC}",
"EventReceivedTime": "2021-09-16T20:11:40.306845-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.476231-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "48967",
"Port": "36261",
"BufferSize": "29",
"PacketData": "0xBF4701000001000000000000076D6F7A696C6C61036F72670000010001",
"AdditionalInfo": ".",
"GUID": "{D7062385-F0E8-44BC-94F0-F085C566B0CD}",
"EventReceivedTime": "2021-09-16T20:11:40.306845-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.476267-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "48967",
"DNSSEC": "0",
"RCODE": "0",
"Port": "36261",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "77",
"PacketData": "0xBF4781800001000300000000076D6F7A696C6C61036F72670000010001C00C0001000100000E0D00042CEBF69BC00C0001000100000E0D00042CEC301FC00C0001000100000E0D00042CEC485D",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{D7062385-F0E8-44BC-94F0-F085C566B0CD}",
"EventReceivedTime": "2021-09-16T20:11:40.306845-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.476277-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.org.",
"QTYPE": "28",
"XID": "1866",
"Port": "36261",
"BufferSize": "29",
"PacketData": "0x074A01000001000000000000076D6F7A696C6C61036F726700001C0001",
"AdditionalInfo": ".",
"GUID": "{AD861203-D2E7-4925-B4CA-76373BAB31CA}",
"EventReceivedTime": "2021-09-16T20:11:40.306845-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.476324-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "28",
"XID": "1866",
"DNSSEC": "0",
"RCODE": "0",
"Port": "36261",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "109",
"PacketData": "0x074A81800001000000010000076D6F7A696C6C61036F726700001C0001C00C0006000100000039004409696E666F626C6F78310770726976617465046D646331076D6F7A696C6C6103636F6D000973797361646D696E73C00C78581ECA000000B4000000B4001275000000003C",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{AD861203-D2E7-4925-B4CA-76373BAB31CA}",
"EventReceivedTime": "2021-09-16T20:11:40.306845-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.476347-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "28316",
"Port": "57329",
"BufferSize": "42",
"PacketData": "0x6E9C010000010000000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{D592FBBD-E1C3-4A92-BCF1-ED1B45D244B7}",
"EventReceivedTime": "2021-09-16T20:11:40.306845-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:39.476562-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.prod.mozaws.net.",
"QTYPE": "1",
"Port": "57329",
"XID": "28316",
"BufferSize": "42",
"PacketData": "0x6E9C818000010001000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:40.306845-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:39.476600-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.net.",
"QTYPE": "1",
"Port": "57329",
"XID": "28316",
"BufferSize": "42",
"PacketData": "0x6E9C818000010002000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:40.306845-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.476954-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "1",
"XID": "28316",
"DNSSEC": "0",
"RCODE": "0",
"Port": "57329",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "153",
"PacketData": "0x6E9C818000010003000000000C646574656374706F7274616C0766697265666F7803636F6D0000010001C00C0005000100000039001E0C646574656374706F7274616C0470726F64066D6F7A617773036E657400C036000500010000012900290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C04FC06000010001000007050004226BDD52",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{D592FBBD-E1C3-4A92-BCF1-ED1B45D244B7}",
"EventReceivedTime": "2021-09-16T20:11:40.306845-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.476979-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"XID": "51353",
"Port": "57329",
"BufferSize": "42",
"PacketData": "0xC899010000010000000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{3DD77BDD-BD70-44E2-B2FD-8DC94E4ABF84}",
"EventReceivedTime": "2021-09-16T20:11:40.306845-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:39.477003-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "detectportal.prod.mozaws.net.",
"QTYPE": "28",
"Port": "57329",
"XID": "51353",
"BufferSize": "42",
"PacketData": "0xC899818000010001000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:11:40.306845-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:39.477016-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "prod.detectportal.prod.cloudops.mozgcp.net.",
"QTYPE": "28",
"Port": "57329",
"XID": "51353",
"BufferSize": "42",
"PacketData": "0xC899818000010002000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:11:40.306845-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.477113-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "detectportal.firefox.com.",
"QTYPE": "28",
"XID": "51353",
"DNSSEC": "0",
"RCODE": "0",
"Port": "57329",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "165",
"PacketData": "0xC899818000010003000000000C646574656374706F7274616C0766697265666F7803636F6D00001C0001C00C0005000100000039001E0C646574656374706F7274616C0470726F64066D6F7A617773036E657400C036000500010000012900290470726F640C646574656374706F7274616C0470726F6408636C6F75646F7073066D6F7A676370C04FC060001C000100000705001026001901000038D70000000000000000",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{3DD77BDD-BD70-44E2-B2FD-8DC94E4ABF84}",
"EventReceivedTime": "2021-09-16T20:11:40.306845-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.477134-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "4502",
"Port": "60682",
"BufferSize": "29",
"PacketData": "0x119601000001000000000000076D6F7A696C6C61036F72670000010001",
"AdditionalInfo": ".",
"GUID": "{3E9E581F-A8F4-4B92-B142-023DA3AFF816}",
"EventReceivedTime": "2021-09-16T20:11:40.306845-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.477176-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "1",
"XID": "4502",
"DNSSEC": "0",
"RCODE": "0",
"Port": "60682",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "77",
"PacketData": "0x119681800001000300000000076D6F7A696C6C61036F72670000010001C00C0001000100000E0D00042CEC301FC00C0001000100000E0D00042CEC485DC00C0001000100000E0D00042CEBF69B",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{3E9E581F-A8F4-4B92-B142-023DA3AFF816}",
"EventReceivedTime": "2021-09-16T20:11:40.306845-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.477192-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.org.",
"QTYPE": "28",
"XID": "21914",
"Port": "60682",
"BufferSize": "29",
"PacketData": "0x559A01000001000000000000076D6F7A696C6C61036F726700001C0001",
"AdditionalInfo": ".",
"GUID": "{A69A445D-258A-45ED-A713-95EE628A7E57}",
"EventReceivedTime": "2021-09-16T20:11:40.306845-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.477293-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.org.",
"QTYPE": "28",
"XID": "21914",
"DNSSEC": "0",
"RCODE": "0",
"Port": "60682",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "109",
"PacketData": "0x559A81800001000000010000076D6F7A696C6C61036F726700001C0001C00C0006000100000039004409696E666F626C6F78310770726976617465046D646331076D6F7A696C6C6103636F6D000973797361646D696E73C00C78581ECA000000B4000000B4001275000000003C",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{A69A445D-258A-45ED-A713-95EE628A7E57}",
"EventReceivedTime": "2021-09-16T20:11:40.306845-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.483253-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "m.youtube.com.",
"QTYPE": "1",
"XID": "64826",
"Port": "41984",
"BufferSize": "31",
"PacketData": "0xFD3A01000001000000000000016D07796F757475626503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{1473C362-BEB3-4CF0-B124-68E4E2ACACB7}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.483444-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "m.youtube.com.",
"QTYPE": "1",
"XID": "64826",
"DNSSEC": "0",
"RCODE": "0",
"Port": "41984",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "47",
"PacketData": "0xFD3A81800001000100000000016D07796F757475626503636F6D0000010001C00C000100010000012A00048EFABF8E",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{1473C362-BEB3-4CF0-B124-68E4E2ACACB7}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.485142-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "youtubei.googleapis.com.",
"QTYPE": "1",
"XID": "29765",
"Port": "37499",
"BufferSize": "41",
"PacketData": "0x74450100000100000000000008796F7574756265690A676F6F676C656170697303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{567CC0D1-457A-4BDD-883A-F0AF6167EA7C}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.485201-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "youtubei.googleapis.com.",
"QTYPE": "1",
"XID": "29765",
"DNSSEC": "0",
"RCODE": "0",
"Port": "37499",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "57",
"PacketData": "0x74458180000100010000000008796F7574756265690A676F6F676C656170697303636F6D0000010001C00C000100010000012A00048EFABF6A",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{567CC0D1-457A-4BDD-883A-F0AF6167EA7C}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.486626-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "youtube.googleapis.com.",
"QTYPE": "1",
"XID": "11882",
"Port": "49880",
"BufferSize": "40",
"PacketData": "0x2E6A0100000100000000000007796F75747562650A676F6F676C656170697303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{15D82077-9B4C-465E-98FD-4E2341BAC677}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.486688-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "youtube.googleapis.com.",
"QTYPE": "1",
"XID": "11882",
"DNSSEC": "0",
"RCODE": "0",
"Port": "49880",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "56",
"PacketData": "0x2E6A8180000100010000000007796F75747562650A676F6F676C656170697303636F6D0000010001C00C000100010000012A00048EFABFEA",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{15D82077-9B4C-465E-98FD-4E2341BAC677}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.488581-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "www.youtube-nocookie.com.",
"QTYPE": "1",
"XID": "20440",
"Port": "58847",
"BufferSize": "42",
"PacketData": "0x4FD8010000010000000000000377777710796F75747562652D6E6F636F6F6B696503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{17667B06-4B39-4EEF-B61D-FAF781D26035}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:39.488604-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "youtube-ui.l.google.com.",
"QTYPE": "1",
"Port": "58847",
"XID": "20440",
"BufferSize": "42",
"PacketData": "0x4FD8818000010001000000000377777710796F75747562652D6E6F636F6F6B696503636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.488673-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "www.youtube-nocookie.com.",
"QTYPE": "1",
"XID": "20440",
"DNSSEC": "0",
"RCODE": "0",
"Port": "58847",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "300",
"PacketData": "0x4FD881800001000F000000000377777710796F75747562652D6E6F636F6F6B696503636F6D0000010001C00C000500010001517E00160A796F75747562652D7569016C06676F6F676C65C021C036000100010000012A00048EFABE2EC036000100010000012A00048EFABE4EC036000100010000012A00048EFABE6EC036000100010000012A00048EFABE8EC036000100010000012A0004ACD9042EC036000100010000012A0004ACD9050EC036000100010000012A0004ACD904CEC036000100010000012A00048EFABF6EC036000100010000012A00048EFABF8EC036000100010000012A00048EFABFAEC036000100010000012A00048EFABFCEC036000100010000012A00048EFABFEEC036000100010000012A00048EFB200EC036000100010000012A00048EFABE0E",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{17667B06-4B39-4EEF-B61D-FAF781D26035}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.490896-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "restrict.youtube.com.",
"QTYPE": "1",
"XID": "53752",
"Port": "60761",
"BufferSize": "38",
"PacketData": "0xD1F80100000100000000000008726573747269637407796F757475626503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{A5ECF7AF-07F6-4C45-ABF8-B12AE129A54E}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.490949-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "restrict.youtube.com.",
"QTYPE": "1",
"XID": "53752",
"DNSSEC": "0",
"RCODE": "0",
"Port": "60761",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "54",
"PacketData": "0xD1F88180000100010000000008726573747269637407796F757475626503636F6D0000010001C00C0001000100000E0E0004D8EF2678",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{A5ECF7AF-07F6-4C45-ABF8-B12AE129A54E}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.492411-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "restrictmoderate.youtube.com.",
"QTYPE": "1",
"XID": "21605",
"Port": "35736",
"BufferSize": "46",
"PacketData": "0x5465010000010000000000001072657374726963746D6F64657261746507796F757475626503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{9E193754-A177-4346-A2B1-C329D9063A5F}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.492573-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "restrictmoderate.youtube.com.",
"QTYPE": "1",
"XID": "21605",
"DNSSEC": "0",
"RCODE": "0",
"Port": "35736",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "62",
"PacketData": "0x5465818000010001000000001072657374726963746D6F64657261746507796F757475626503636F6D0000010001C00C0001000100000E0E0004D8EF2677",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{9E193754-A177-4346-A2B1-C329D9063A5F}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.494166-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "sitereview.zscaler.com.",
"QTYPE": "1",
"XID": "17663",
"Port": "41233",
"BufferSize": "40",
"PacketData": "0x44FF010000010000000000000A73697465726576696577077A7363616C657203636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{C26E368A-7A50-4B60-948F-F12FFFC3414A}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.494219-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "sitereview.zscaler.com.",
"QTYPE": "1",
"XID": "17663",
"DNSSEC": "0",
"RCODE": "0",
"Port": "41233",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "56",
"PacketData": "0x44FF818000010001000000000A73697465726576696577077A7363616C657203636F6D0000010001C00C000100010000012A0004C7A89456",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{C26E368A-7A50-4B60-948F-F12FFFC3414A}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.497307-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "use-application-dns.net.",
"QTYPE": "1",
"XID": "4575",
"Port": "54533",
"BufferSize": "41",
"PacketData": "0x11DF01000001000000000000137573652D6170706C69636174696F6E2D646E73036E65740000010001",
"AdditionalInfo": ".",
"GUID": "{0C08AAC1-BEDC-4816-8609-DAD7113B760D}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.497364-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "use-application-dns.net.",
"QTYPE": "1",
"XID": "4575",
"DNSSEC": "0",
"RCODE": "0",
"Port": "54533",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "89",
"PacketData": "0x11DF81800001000300000000137573652D6170706C69636174696F6E2D646E73036E65740000010001C00C000100010000025600042CEC301FC00C000100010000025600042CEBF69BC00C000100010000025600042CEC485D",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{0C08AAC1-BEDC-4816-8609-DAD7113B760D}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.506715-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "doh.test.",
"QTYPE": "1",
"XID": "26227",
"Port": "46773",
"BufferSize": "26",
"PacketData": "0x66730100000100000000000003646F6804746573740000010001",
"AdditionalInfo": ".",
"GUID": "{B20724B4-A138-42C9-A1A9-1679D48DCBE1}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.506777-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33155",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "doh.test.",
"QTYPE": "1",
"XID": "26227",
"DNSSEC": "0",
"RCODE": "3",
"Port": "46773",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "101",
"PacketData": "0x66738183000100000001000003646F6804746573740000010001000006000100000382004001610C726F6F742D73657276657273036E657400056E73746C640C766572697369676E2D67727303636F6D0078776911000007080000038400093A8000015180",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{B20724B4-A138-42C9-A1A9-1679D48DCBE1}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.507034-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "doh.test.example.com.",
"QTYPE": "1",
"XID": "62599",
"Port": "56069",
"BufferSize": "38",
"PacketData": "0xF4870100000100000000000003646F680474657374076578616D706C6503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{E2FF6F94-6043-4293-9F77-A2BA0BBAA2DE}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.507068-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "1",
"AD": "0",
"QNAME": "doh.test.example.com.",
"QTYPE": "1",
"XID": "62599",
"DNSSEC": "0",
"RCODE": "3",
"Port": "56069",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "110",
"PacketData": "0xF4878583000100000001000003646F680474657374076578616D706C6503636F6D0000010001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001500000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{E2FF6F94-6043-4293-9F77-A2BA0BBAA2DE}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.507360-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "doh.test.",
"QTYPE": "1",
"XID": "3769",
"Port": "41365",
"BufferSize": "26",
"PacketData": "0x0EB90100000100000000000003646F6804746573740000010001",
"AdditionalInfo": ".",
"GUID": "{FF604786-E6D0-447B-94E9-46B4C4AB6980}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.507592-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33155",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "doh.test.",
"QTYPE": "1",
"XID": "3769",
"DNSSEC": "0",
"RCODE": "3",
"Port": "41365",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "101",
"PacketData": "0x0EB98183000100000001000003646F6804746573740000010001000006000100000382004001610C726F6F742D73657276657273036E657400056E73746C640C766572697369676E2D67727303636F6D0078776911000007080000038400093A8000015180",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{FF604786-E6D0-447B-94E9-46B4C4AB6980}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.507616-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "doh.test.example.com.",
"QTYPE": "1",
"XID": "39027",
"Port": "38075",
"BufferSize": "38",
"PacketData": "0x98730100000100000000000003646F680474657374076578616D706C6503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{80BBD5C6-6787-40E3-8FDD-531221DBF969}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.507649-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "1",
"AD": "0",
"QNAME": "doh.test.example.com.",
"QTYPE": "1",
"XID": "39027",
"DNSSEC": "0",
"RCODE": "3",
"Port": "38075",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "110",
"PacketData": "0x98738583000100000001000003646F680474657374076578616D706C6503636F6D0000010001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001500000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{80BBD5C6-6787-40E3-8FDD-531221DBF969}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.837398-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "wdcp.microsoft.com.",
"QTYPE": "1",
"XID": "39648",
"Port": "50813",
"BufferSize": "36",
"PacketData": "0x9AE0010000010000000000000477646370096D6963726F736F667403636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{796A79CA-659F-4B98-A420-572624FF68F9}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:39.837420-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "wd-prod-cp.trafficmanager.net.",
"QTYPE": "1",
"Port": "50813",
"XID": "39648",
"BufferSize": "36",
"PacketData": "0x9AE0818000010001000000000477646370096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:39.837513-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "wd-prod-cp.trafficmanager.NET.",
"QTYPE": "1",
"QXID": "39648",
"XID": "36372",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "58",
"PacketData": "0x8E14000000010000000000010A77642D70726F642D63700E747261666669636D616E61676572034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{796A79CA-659F-4B98-A420-572624FF68F9}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:39.838436-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "wdcp.microsoft.com.",
"QTYPE": "28",
"XID": "41892",
"Port": "56417",
"BufferSize": "36",
"PacketData": "0xA3A4010000010000000000000477646370096D6963726F736F667403636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{5788DDC1-D6C1-4C8B-A6E1-B22C317A3E8F}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:39.838447-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "wd-prod-cp.trafficmanager.net.",
"QTYPE": "28",
"Port": "56417",
"XID": "41892",
"BufferSize": "36",
"PacketData": "0xA3A4818000010001000000000477646370096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:39.838522-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "wd-prod-cp.trafficmanager.NET.",
"QTYPE": "28",
"QXID": "41892",
"XID": "18368",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "58",
"PacketData": "0x47C0000000010000000000010A77642D70726F642D63700E747261666669636D616E61676572034E455400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{5788DDC1-D6C1-4C8B-A6E1-B22C317A3E8F}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:39.859495-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "wd-prod-cp.trafficmanager.NET.",
"QTYPE": "1",
"XID": "36372",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "121",
"PacketData": "0x8E14842000010001000000010A77642D70726F642D63700E747261666669636D616E61676572034E45540000010001C00C000500010000012C00331777642D70726F642D63702D75732D776573742D322D66650677657374757308636C6F756461707005617A75726503636F6D0000002904D0000000000000",
"AdditionalInfo": ".",
"GUID": "{796A79CA-659F-4B98-A420-572624FF68F9}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:39.859518-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "wd-prod-cp-us-west-2-fe.westus.cloudapp.azure.com.",
"QTYPE": "1",
"Port": "50813",
"XID": "39648",
"BufferSize": "36",
"PacketData": "0x9AE0818000010002000000000477646370096D6963726F736F667403636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:39.859763-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2603:1061::2",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "wd-prod-cp-us-west-2-fe.westus.cloudapp.azure.com.",
"QTYPE": "1",
"QXID": "39648",
"XID": "50302",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "78",
"PacketData": "0xC47E000000010000000000011777642D70726F642D63702D75732D776573742D322D66650677657374757308636C6F756461707005617A75726503636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{796A79CA-659F-4B98-A420-572624FF68F9}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:39.861740-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "13.107.222.240",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "wd-prod-cp.trafficmanager.NET.",
"QTYPE": "28",
"XID": "18368",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "121",
"PacketData": "0x47C0842000010001000000010A77642D70726F642D63700E747261666669636D616E61676572034E455400001C0001C00C000500010000012C00331777642D70726F642D63702D75732D776573742D322D66650677657374757308636C6F756461707005617A75726503636F6D0000002904D0000000000000",
"AdditionalInfo": ".",
"GUID": "{5788DDC1-D6C1-4C8B-A6E1-B22C317A3E8F}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:11:39.861757-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "wd-prod-cp-us-west-2-fe.westus.cloudapp.azure.com.",
"QTYPE": "28",
"Port": "56417",
"XID": "41892",
"BufferSize": "36",
"PacketData": "0xA3A4818000010002000000000477646370096D6963726F736F667403636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:11:39.861814-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2603:1061::2",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "wd-prod-cp-us-west-2-fe.westus.cloudapp.azure.com.",
"QTYPE": "28",
"QXID": "41892",
"XID": "12042",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "78",
"PacketData": "0x2F0A000000010000000000011777642D70726F642D63702D75732D776573742D322D66650677657374757308636C6F756461707005617A75726503636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{5788DDC1-D6C1-4C8B-A6E1-B22C317A3E8F}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:39.888168-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2603:1061::2",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "wd-prod-cp-us-west-2-fe.westus.cloudapp.azure.com.",
"QTYPE": "28",
"XID": "12042",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "148",
"PacketData": "0x2F0A840000010000000100011777642D70726F642D63702D75732D776573742D322D66650677657374757308636C6F756461707005617A75726503636F6D00001C0001C024000600010000003C003A066E73312D303209617A7572652D646E73C03A066D736E687374096D6963726F736F6674C03A00002711000003840000012C00093A800000003C00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{5788DDC1-D6C1-4C8B-A6E1-B22C317A3E8F}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.888220-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "wdcp.microsoft.com.",
"QTYPE": "28",
"XID": "41892",
"DNSSEC": "0",
"RCODE": "0",
"Port": "56417",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "139",
"PacketData": "0xA3A4818000010002000000000477646370096D6963726F736F667403636F6D00001C0001C00C00050001000008E8001F0A77642D70726F642D63700E747261666669636D616E61676572036E657400C030000500010000012C00301777642D70726F642D63702D75732D776573742D322D66650677657374757308636C6F756461707005617A757265C01B",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "49",
"GUID": "{5788DDC1-D6C1-4C8B-A6E1-B22C317A3E8F}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:11:39.889065-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2603:1061::2",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "wd-prod-cp-us-west-2-fe.westus.cloudapp.azure.com.",
"QTYPE": "1",
"XID": "50302",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "94",
"PacketData": "0xC47E840000010001000000011777642D70726F642D63702D75732D776573742D322D66650677657374757308636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D5B818000002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{796A79CA-659F-4B98-A420-572624FF68F9}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:39.889106-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "wdcp.microsoft.com.",
"QTYPE": "1",
"XID": "39648",
"DNSSEC": "0",
"RCODE": "0",
"Port": "50813",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "155",
"PacketData": "0x9AE0818000010003000000000477646370096D6963726F736F667403636F6D0000010001C00C00050001000008E8001F0A77642D70726F642D63700E747261666669636D616E61676572036E657400C030000500010000012C00301777642D70726F642D63702D75732D776573742D322D66650677657374757308636C6F756461707005617A757265C01BC05B000100010000000A00040D5B8180",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "51",
"GUID": "{796A79CA-659F-4B98-A420-572624FF68F9}",
"EventReceivedTime": "2021-09-16T20:11:40.321822-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:46.383695-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "1",
"XID": "53209",
"Port": "51381",
"BufferSize": "44",
"PacketData": "0xCFD901000001000000000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{3E35430A-D604-497A-8D9E-662F0C64466C}",
"EventReceivedTime": "2021-09-16T20:11:47.370726-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:46.383880-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "1",
"XID": "53209",
"DNSSEC": "0",
"RCODE": "0",
"Port": "51381",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "76",
"PacketData": "0xCFD981800001000200000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D0000010001C00C00010001000000ED00046810F8F9C00C00010001000000ED00046810F9F9",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{3E35430A-D604-497A-8D9E-662F0C64466C}",
"EventReceivedTime": "2021-09-16T20:11:47.370726-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:11:46.384319-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "28",
"XID": "60371",
"Port": "51381",
"BufferSize": "44",
"PacketData": "0xEBD301000001000000000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{28851F51-2741-46AB-8E8F-48BA86F3B19E}",
"EventReceivedTime": "2021-09-16T20:11:47.370726-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:11:46.384407-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "28",
"XID": "60371",
"DNSSEC": "0",
"RCODE": "0",
"Port": "51381",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "100",
"PacketData": "0xEBD381800001000200000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D00001C0001C00C001C0001000000ED00102606470000000000000000006810F9F9C00C001C0001000000ED00102606470000000000000000006810F8F9",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{28851F51-2741-46AB-8E8F-48BA86F3B19E}",
"EventReceivedTime": "2021-09-16T20:11:47.370726-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:18.083642-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "www.pool.ntp.org.",
"QTYPE": "1",
"XID": "13277",
"Port": "49298",
"BufferSize": "34",
"PacketData": "0x33DD010000010000000000000377777704706F6F6C036E7470036F72670000010001",
"AdditionalInfo": ".",
"GUID": "{1C4256F8-E302-45DB-9B36-CBA3AF2DF5D1}",
"EventReceivedTime": "2021-09-16T20:12:19.078419-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:18.083836-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "199.19.54.1",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "www.pool.ntp.org.",
"QTYPE": "1",
"QXID": "13277",
"XID": "3421",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "45",
"PacketData": "0x0D5D000000010000000000010377777704706F6F6C036E7470036F726700000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{1C4256F8-E302-45DB-9B36-CBA3AF2DF5D1}",
"EventReceivedTime": "2021-09-16T20:12:19.078419-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:18.147109-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "199.19.54.1",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "www.pool.ntp.org.",
"QTYPE": "1",
"XID": "3421",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "744",
"PacketData": "0x0D5D800000010000000C00020377777704706F6F6C036E7470036F72670000010001C01500020001000151800014036E7333037032300664796E656374036E657400C0150002000100015180000F04646E7332047564656C0365647500C0150002000100015180000C05616E796E7303706368C03DC01500020001000151800006036E7331C032C01500020001000151800006036E7334C032C0150002000100015180000704646E7331C053C01500020001000151800006036E7332C032C0150002000100015180000E036E73310765766572657474C019203169383730766A3568343239766A39706369376172366539676B693734747237C0190032000100015180002B0101000A08332539EE7F95C32A140C907D989054FC4C24368D17E3C92EA2F87A23DD000722000000000290C0D8002E00010001518000970032080200015180615FB6E86143F9589B01036F726700841D156F0689C9A3DCB853C0C8F355DBF28D988578F5505781CC669DC9ECFB20D741FB3B43B0E0A1127FC316CC9CCA0882061718DFCE7440D60CF533BCAB33FCCD1DB661D3F340A642DB60FFB404E5527ADAD0F49C0E3B7856E739ABEC114BF7652D8FD50420F6E01B479C144E7B151F1DE0099038E32506C5011CA4E998239B206C67616E7137736232616D353037346B6264643233746D68713862696232726BC14E0032000100015180002A0101000A08332539EE7F95C32A14AC15DD9CAFD96830D5B46A8843CE2E8994F57D570006200000000012C1D3002E00010001518000970032080200015180615C6B1F6140AD8F9B01036F72670018813A20F863489EB37EE399DE01686450DC37824DAC69EFB6469CA1C90C4A4A459874788BB576818C95124C88648F3BA2669DCB6EA71DB8416E9AC7870D016A01206238977E0A8436D8A36B3E9129E62129DA4F3F8738B6A89F4B6002EE6F285E7F35F6427FE3E67B49C5F4C039F2244BB4DDE4BC84342B7423FDBD63F02735C0CA0001000100015180000442DC0DE500002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{1C4256F8-E302-45DB-9B36-CBA3AF2DF5D1}",
"EventReceivedTime": "2021-09-16T20:12:19.078419-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:18.148371-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "66.220.13.229",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "www.pool.ntp.org.",
"QTYPE": "1",
"QXID": "13277",
"XID": "13646",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "45",
"PacketData": "0x354E000000010000000000010377777704706F6F6C036E7470036F726700000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{1C4256F8-E302-45DB-9B36-CBA3AF2DF5D1}",
"EventReceivedTime": "2021-09-16T20:12:19.078419-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:18.210105-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "66.220.13.229",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "www.pool.ntp.org.",
"QTYPE": "1",
"XID": "13646",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "195",
"PacketData": "0x354E800000010000000900010377777704706F6F6C036E7470036F72670000010001C0100002000100093A80000A0166056E74706E73C019C0100002000100093A8000040165C030C0100002000100093A8000040163C030C0100002000100093A8000040164C030C0100002000100093A8000040162C030C0100002000100093A8000040169C030C0100002000100093A8000040167C030C0100002000100093A8000040161C030C0100002000100093A8000040168C0300000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{1C4256F8-E302-45DB-9B36-CBA3AF2DF5D1}",
"EventReceivedTime": "2021-09-16T20:12:19.078419-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:18.211314-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:500:48::1",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "f.ntpns.org.",
"QTYPE": "1",
"QXID": "1",
"XID": "36556",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "40",
"PacketData": "0x8ECC000000010000000000010166056E74706E73036F726700000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:18.249127-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2001:500:48::1",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "f.ntpns.org.",
"QTYPE": "1",
"XID": "36556",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "682",
"PacketData": "0x8ECC800000010000000A00010166056E74706E73036F72670000010001C00E00020001000151800015036E7331026575086269746E616D657303636F6D00C01D00020001000151800009036E7331027573C030C01D00020001000151800009036E7332026575C030C01D00020001000151800009036E7332027573C030C01D00020001000151800006036E7333C078C01D0002000100015180000F05616E796E7303706368036E657400203169383730766A3568343239766A39706369376172366539676B693734747237C0140032000100015180002B0101000A08332539EE7F95C32A140C907D989054FC4C24368D17E3C92EA2F87A23DD000722000000000290203368316574716B336974666D63756263717467666D39716F737033306C343274C0140032000100015180002A0101000A08332539EE7F95C32A141C43482747F4F705A1DD4B8F111CC9A3B56EBB160006200000000012C0AA002E00010001518000970032080200015180615FB6E86143F9589B01036F726700841D156F0689C9A3DCB853C0C8F355DBF28D988578F5505781CC669DC9ECFB20D741FB3B43B0E0A1127FC316CC9CCA0882061718DFCE7440D60CF533BCAB33FCCD1DB661D3F340A642DB60FFB404E5527ADAD0F49C0E3B7856E739ABEC114BF7652D8FD50420F6E01B479C144E7B151F1DE0099038E32506C5011CA4E998239BC102002E00010001518000970032080200015180615C6B1F6140AD8F9B01036F72670039D019536F735B04CAEE015F8264104370F6579521056F87E7DD4D3AF3EDF00E7A991CF4457F6615B920DF3E9EC4698CE8141060AEFF9288BE0E1FD6E1447251BB97DF85FB2C68BC3EE2DD35D8E07047820E45123B2F29CE1AF83BDDA4A57E91D6383102C19167F91D0B580C9AAF02D684B081B1D9A9ECC6EBDA9C1C7EBF2D3300002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:18.251708-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "192.26.92.30",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "ns1.eu.bitnames.com.",
"QTYPE": "1",
"QXID": "1",
"XID": "9567",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "48",
"PacketData": "0x255F00000001000000000001036E7331026575086269746E616D657303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:18.287583-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "192.26.92.30",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "ns1.eu.bitnames.com.",
"QTYPE": "1",
"XID": "9567",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "878",
"PacketData": "0x255F8000000100000009000A036E7331026575086269746E616D657303636F6D0000010001C013000200010002A3000002C00CC013000200010002A3000009036E7331027573C013C013000200010002A3000006036E7332C043C013000200010002A3000006036E7333C043C013000200010002A3000006036E7332C01020434B30504F4A4D473837344C4A5245463745464E38343330515649543842534DC01C003200010001518000230101000000146501A0C25720EE156F6C4E39636B3ADA0312D92A000722000000000290C07E002E00010001518000B7003208020001518061495E696140138199AF03636F6D0073D49C969AD112E1F52C00137560047BE57A0C63D266917DED0C9A551F1942FF5A835C70F318B7C1EC6363C09CA90BC736EB8345EA6F090394D2675E2DD1E0CEC5ED70EADAD937CA6CC54F1A48BA6BE6ED4985DC52360CD72D6C33AB6A67D91A22530A0F796FA8CD809D5DFD4EDA95D33C8A5BF1A724B9CB9248BFE875C054CB318444F00A1E1D5AE0EB39B04D9810FF639A4962C6AEB971DC01E12935F5E65520563956344B4B344C44324350354D55304E323856444931515431525048333244C01C00320001000151800022010100000014FA7E503D5DAC8E672467B62EF732535B2260F6610006200000000012C191002E00010001518000B700320802000151806149A2D2614057EA99AF03636F6D0076FF51471A88DBE24E73095A950312E08228C95F3DAA85285030D32793A261F97AE1A146D7F00A88A2038E3168B4589551A43B26944014F57359DAC754C407795DAA1E577DDE0F596C483BA6111AE6988DE57F93E4335466276316F5BEBEB1CA82301B4E1D063A1720D9005EC75C6AA3ECD39A0EDAE0E6C0D1DB144B988ECE6E8C15D171927F1B2CD4D09C6C5561945CDF456957F198071D9B6FF61645E4A5DFC00C000100010002A3000004A5E385CEC00C001C00010002A30000102A03B0C0000300D00000000000C04001C03F000100010002A3000004B280BF7AC03F001C00010002A30000102604A880000200D0000000001CE87001C054000100010002A30000046BAAB6AEC066000100010002A30000048890347AC066001C00010002A300001026041380300088000000000000000001C078000100010002A3000004BCA63860C078001C00010002A30000102A03B0C0000200D000000000002010010000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:18.288880-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "188.166.56.96",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "ns1.eu.bitnames.com.",
"QTYPE": "1",
"QXID": "1",
"XID": "37240",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "48",
"PacketData": "0x917800000001000000000001036E7331026575086269746E616D657303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:18.398276-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "188.166.56.96",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "ns1.eu.bitnames.com.",
"QTYPE": "1",
"XID": "37240",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "64",
"PacketData": "0x917884000001000100000001036E7331026575086269746E616D657303636F6D0000010001C00C000100010002A3000004A5E385CE0000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:18.398515-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2a03:b0c0:3:d0::c0:4001",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "f.ntpns.org.",
"QTYPE": "1",
"QXID": "1",
"XID": "23511",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "40",
"PacketData": "0x5BD7000000010000000000010166056E74706E73036F726700000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:18.524144-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2a03:b0c0:3:d0::c0:4001",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "f.ntpns.org.",
"QTYPE": "1",
"XID": "23511",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "88",
"PacketData": "0x5BD7840000010003000000010166056E74706E73036F72670000010001C00C000100010000E10000041F036962C00C000100010000E1000004677F7916C00C000100010000E1000004934B64970000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{00000000-0000-0000-0000-000000000000}",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:18.525117-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "147.75.100.151",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "www.pool.ntp.org.",
"QTYPE": "1",
"QXID": "13277",
"XID": "32073",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "45",
"PacketData": "0x7D49000000010000000000010377777704706F6F6C036E7470036F726700000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{1C4256F8-E302-45DB-9B36-CBA3AF2DF5D1}",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:18.636824-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "147.75.100.151",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "www.pool.ntp.org.",
"QTYPE": "1",
"XID": "32073",
"RecursionDepth": "3",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "93",
"PacketData": "0x7D49840000010001000000010377777704706F6F6C036E7470036F726700000100010377777704706F6F6C036E7470036F7267000005000100001C200014067777772D6C62076E7470706F6F6C036F7267000000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{1C4256F8-E302-45DB-9B36-CBA3AF2DF5D1}",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:18.636920-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "www-lb.ntppool.org.",
"QTYPE": "1",
"Port": "49298",
"XID": "13277",
"BufferSize": "34",
"PacketData": "0x33DD818000010001000000000377777704706F6F6C036E7470036F72670000010001",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:18.637651-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "199.249.112.1",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "www-lb.ntppool.org.",
"QTYPE": "1",
"QXID": "13277",
"XID": "59267",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "47",
"PacketData": "0xE78300000001000000000001067777772D6C62076E7470706F6F6C036F726700000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{1C4256F8-E302-45DB-9B36-CBA3AF2DF5D1}",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:18.684289-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "199.249.112.1",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "www-lb.ntppool.org.",
"QTYPE": "1",
"XID": "59267",
"RecursionDepth": "4",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "697",
"PacketData": "0xE783800000010000000A0001067777772D6C62076E7470706F6F6C036F72670000010001C01300020001000151800015036E7331026575086269746E616D657303636F6D00C02400020001000151800009036E7331027573C037C02400020001000151800006036E7332C055C02400020001000151800006036E7333C055C0240002000100015180000F05616E796E7303706368036E657400C02400020001000151800014056E732D6731086269746E616D657303636F6D00203169383730766A3568343239766A39706369376172366539676B693734747237C01B0032000100015180002B0101000A08332539EE7F95C32A140C907D989054FC4C24368D17E3C92EA2F87A23DD000722000000000290203968357237666D663070386D656B31347075746A6F656861366A636A716C6170C01B0032000100015180002A0101000A08332539EE7F95C32A144C4BEF8600101944F7AC9D2E1ED15767091C7B8C0006200000000012C0B9002E00010001518000970032080200015180615FB6E86143F9589B01036F726700841D156F0689C9A3DCB853C0C8F355DBF28D988578F5505781CC669DC9ECFB20D741FB3B43B0E0A1127FC316CC9CCA0882061718DFCE7440D60CF533BCAB33FCCD1DB661D3F340A642DB60FFB404E5527ADAD0F49C0E3B7856E739ABEC114BF7652D8FD50420F6E01B479C144E7B151F1DE0099038E32506C5011CA4E998239BC111002E00010001518000970032080200015180615C6B1F6140AD8F9B01036F726700736F7A2D3E9E79B26EEE17A401ED14029FB1CF4651CBD1CE8A84749D4FD4A5CEB969D98E6B11BF5ACC3B58C93CB6716CDD10442EA947AEE49532FC101A214183A8CC47452F840D2B56067EAA7EEF8F578EC29AF29776CB6A463AB6DF70361ABFB0C4899D4C2078B76D93B0E1A22586782DEFBE893792C130ADCF0BAAAD8E9EF500002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{1C4256F8-E302-45DB-9B36-CBA3AF2DF5D1}",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:18.684685-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "178.128.191.122",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "www-lb.ntppool.org.",
"QTYPE": "1",
"QXID": "13277",
"XID": "13843",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "47",
"PacketData": "0x361300000001000000000001067777772D6C62076E7470706F6F6C036F726700000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{1C4256F8-E302-45DB-9B36-CBA3AF2DF5D1}",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:18.735951-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "178.128.191.122",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "www-lb.ntppool.org.",
"QTYPE": "1",
"XID": "13843",
"RecursionDepth": "5",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "151",
"PacketData": "0x361384000001000300000001067777772D6C62076E7470706F6F6C036F72670000010001C00C0005000100000E1000100D7777772D6C622D666173746C79C013C030000500010000007800110E63646E2D666173746C792D736E69C013C04C0005000100000E100023096475616C737461636B016B03736E6906676C6F62616C06666173746C79036E6574000000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{1C4256F8-E302-45DB-9B36-CBA3AF2DF5D1}",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:18.736065-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "www-lb-fastly.ntppool.org.",
"QTYPE": "1",
"Port": "49298",
"XID": "13277",
"BufferSize": "34",
"PacketData": "0x33DD818000010002000000000377777704706F6F6C036E7470036F72670000010001",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:18.736100-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "cdn-fastly-sni.ntppool.org.",
"QTYPE": "1",
"Port": "49298",
"XID": "13277",
"BufferSize": "34",
"PacketData": "0x33DD818000010003000000000377777704706F6F6C036E7470036F72670000010001",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:18.736122-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "dualstack.k.sni.global.fastly.net.",
"QTYPE": "1",
"Port": "49298",
"XID": "13277",
"BufferSize": "34",
"PacketData": "0x33DD818000010004000000000377777704706F6F6C036E7470036F72670000010001",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:18.736994-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:502:7094::30",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "dualstack.k.sni.global.fastly.NET.",
"QTYPE": "1",
"QXID": "13277",
"XID": "29631",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "62",
"PacketData": "0x73BF00000001000000000001096475616C737461636B016B03736E6906676C6F62616C06666173746C79034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{1C4256F8-E302-45DB-9B36-CBA3AF2DF5D1}",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:18.778924-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2001:502:7094::30",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "dualstack.k.sni.global.fastly.NET.",
"QTYPE": "1",
"XID": "29631",
"RecursionDepth": "6",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "747",
"PacketData": "0x73BF80000001000000080005096475616C737461636B016B03736E6906676C6F62616C06666173746C79034E45540000010001C023000200010002A3000006036E7331C023C023000200010002A3000006036E7332C023C023000200010002A3000006036E7333C023C023000200010002A3000006036E7334C02320413152543938425335514743394E4649353153394843493437554C4A47364A48C02A003200010001518000230101000000145077EF3DF3A33A2D14993A1E874E1344D743C90B000722000000000290C07B002E00010001518000B700320802000151806149717C61402694FF62036E657400B6321648DFB0D93CE5875A4612080D3092669F8C1B7E7BA200F78095D14E072097269DDAB573C06E9DE1D637095BD0561D096122F515E3A42C71E1C545889FC3BA4016371DAC852CC727732B22E34129A97E424D82E9531B20698A87B307DCC9FC6FF6E3E3DA999E66D048E1E7B01688586CCBCA11D3604AD67C06119723641FAAEE7F8F982A0D36D6B39CC34CA9005DAB99EAF51A2B4D183DCC4C9C234EAA972041503234444531485132344E48564730355654554D3936533230303855304830C02A00320001000151800022010100000014564482399A4B132D615044921C5E1B29D04B11DD0006200000000012C18E002E00010001518000B70032080200015180614AC2CA614177E2FF62036E6574007CA8BB068A5CA6847845D5CA058501BA3A20CF7C80B6F9F9B739ABC002F9CDD0BAA9EC2EBAEE3D64BF9A0E2901724DEF7CA503FD25A47A5320437A1BFD8536FF7432F77DC2923794C22E0E6FD4E310617EFBEF5DC29AB17F79FC7856D467961E8F28BD6D1DB6B6292F6D417AC6570AD8E6D584E43D07901F5CFBB4D2F5EFD8396692AB06E34A14B13E723D3619733DAA95488C08CDD8A7C2EF8297BF9A95C99EC03F000100010002A300000417EB2020C051000100010002A3000004689C5020C063000100010002A300000417EB2420C075000100010002A3000004689C54200000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{1C4256F8-E302-45DB-9B36-CBA3AF2DF5D1}",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:18.779448-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "23.235.32.32",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "dualstack.k.sni.global.fastly.NET.",
"QTYPE": "1",
"QXID": "13277",
"XID": "25013",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "62",
"PacketData": "0x61B500000001000000000001096475616C737461636B016B03736E6906676C6F62616C06666173746C79034E455400000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{1C4256F8-E302-45DB-9B36-CBA3AF2DF5D1}",
"EventReceivedTime": "2021-09-16T20:12:19.094207-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:18.799677-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "23.235.32.32",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "dualstack.k.sni.global.fastly.NET.",
"QTYPE": "1",
"XID": "25013",
"RecursionDepth": "7",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "150",
"PacketData": "0x61B584000001000100040001096475616C737461636B016B03736E6906676C6F62616C06666173746C79034E45540000010001C00C000100010000001E0004C7E87E89C0230002000100001C200006036E7331C023C0430002000100001C200006036E7332C023C0430002000100001C200006036E7333C023C0430002000100001C200006036E7334C02300002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{1C4256F8-E302-45DB-9B36-CBA3AF2DF5D1}",
"EventReceivedTime": "2021-09-16T20:12:19.108896-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:18.800566-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "www.pool.ntp.org.",
"QTYPE": "1",
"XID": "13277",
"DNSSEC": "0",
"RCODE": "0",
"Port": "49298",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "183",
"PacketData": "0x33DD818000010005000000000377777704706F6F6C036E7470036F72670000010001C00C0005000100001C200011067777772D6C62076E7470706F6F6CC019C02E0005000100000E1000100D7777772D6C622D666173746C79C035C04B000500010000007800110E63646E2D666173746C792D736E69C035C0670005000100000E100023096475616C737461636B016B03736E6906676C6F62616C06666173746C79036E657400C084000100010000001E0004C7E87E89",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "716",
"GUID": "{1C4256F8-E302-45DB-9B36-CBA3AF2DF5D1}",
"EventReceivedTime": "2021-09-16T20:12:19.108896-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:18.801864-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "dualstack.k.sni.global.fastly.net.",
"QTYPE": "28",
"XID": "64020",
"Port": "38185",
"BufferSize": "51",
"PacketData": "0xFA1401000001000000000000096475616C737461636B016B03736E6906676C6F62616C06666173746C79036E657400001C0001",
"AdditionalInfo": ".",
"GUID": "{1F5B9759-80EF-4CB1-A2D0-D7B277CA996B}",
"EventReceivedTime": "2021-09-16T20:12:19.108896-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:18.801984-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "104.156.84.32",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "dualstack.k.sni.global.fastly.net.",
"QTYPE": "28",
"QXID": "64020",
"XID": "19282",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "62",
"PacketData": "0x4B5200000001000000000001096475616C737461636B016B03736E6906676C6F62616C06666173746C79036E657400001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{1F5B9759-80EF-4CB1-A2D0-D7B277CA996B}",
"EventReceivedTime": "2021-09-16T20:12:19.108896-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:18.821065-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "104.156.84.32",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "dualstack.k.sni.global.fastly.net.",
"QTYPE": "28",
"XID": "19282",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "162",
"PacketData": "0x4B5284000001000100040001096475616C737461636B016B03736E6906676C6F62616C06666173746C79036E657400001C0001C00C001C00010000001E00102A044E42002C00000000000000000649C0230002000100001C200006036E7331C023C04F0002000100001C200006036E7332C023C04F0002000100001C200006036E7333C023C04F0002000100001C200006036E7334C02300002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{1F5B9759-80EF-4CB1-A2D0-D7B277CA996B}",
"EventReceivedTime": "2021-09-16T20:12:19.108896-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:18.821123-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "dualstack.k.sni.global.fastly.net.",
"QTYPE": "28",
"XID": "64020",
"DNSSEC": "0",
"RCODE": "0",
"Port": "38185",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "79",
"PacketData": "0xFA1481800001000100000000096475616C737461636B016B03736E6906676C6F62616C06666173746C79036E657400001C0001C00C001C00010000001E00102A044E42002C00000000000000000649",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "19",
"GUID": "{1F5B9759-80EF-4CB1-A2D0-D7B277CA996B}",
"EventReceivedTime": "2021-09-16T20:12:19.108896-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:36.300465-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "connectivity-check.ubuntu.com.",
"QTYPE": "28",
"XID": "59228",
"Port": "45652",
"BufferSize": "47",
"PacketData": "0xE75C0100000100000000000012636F6E6E65637469766974792D636865636B067562756E747503636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{54FA624A-F6A2-4966-92B8-8C9D6D9D2E06}",
"EventReceivedTime": "2021-09-16T20:12:37.345384-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:36.300910-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:503:39c1::30",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "connectivity-check.ubuntu.com.",
"QTYPE": "28",
"QXID": "59228",
"XID": "47597",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "58",
"PacketData": "0xB9ED0000000100000000000112636F6E6E65637469766974792D636865636B067562756E747503636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{54FA624A-F6A2-4966-92B8-8C9D6D9D2E06}",
"EventReceivedTime": "2021-09-16T20:12:37.345384-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:36.325055-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2001:503:39c1::30",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "connectivity-check.ubuntu.com.",
"QTYPE": "28",
"XID": "47597",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "719",
"PacketData": "0xB9ED8000000100000007000412636F6E6E65637469766974792D636865636B067562756E747503636F6D00001C0001C01F000200010002A3000010036E73310963616E6F6E6963616CC026C01F000200010002A3000006036E7332C03FC01F000200010002A3000006036E7333C03F20434B30504F4A4D473837344C4A5245463745464E38343330515649543842534DC026003200010001518000230101000000146501A0C25720EE156F6C4E39636B3ADA0312D92A000722000000000290C06F002E00010001518000B7003208020001518061495E696140138199AF03636F6D0073D49C969AD112E1F52C00137560047BE57A0C63D266917DED0C9A551F1942FF5A835C70F318B7C1EC6363C09CA90BC736EB8345EA6F090394D2675E2DD1E0CEC5ED70EADAD937CA6CC54F1A48BA6BE6ED4985DC52360CD72D6C33AB6A67D91A22530A0F796FA8CD809D5DFD4EDA95D33C8A5BF1A724B9CB9248BFE875C054CB318444F00A1E1D5AE0EB39B04D9810FF639A4962C6AEB971DC01E12935F5E65520383934494F38414D394E445138564D383447504153475530514448464C465331C02600320001000151800022010100000014424932BEE2357785D77B222FA8B3D7932EA84F460006200000000012C182002E00010001518000B7003208020001518061496AF36140200B99AF03636F6D00374D6E2BB0EE7F1E91B1E8DEF33CDBE251DDBC3B73ED0E6BA3F4E2C113F91374BFBFA66A91E01CAD4923DF2DB205E8838633656212C4BA3070C2CB1C5B62AB26DAED0FE317DBCEE8A79C4B67D2E90CB1E4D63E45ADBB74CE3B0CBCAB678FA3038E6A68C29083515A14A8AE7298D4159863B8021EEBB0827141F769F911C0834D8B3CE0ABB5F63FA7D0804DF9C1BFBD63BEF314E33790E2E6A1816EADB15C21C7C03B000100010002A30000045BBD5EADC057000100010002A30000045BBD5F03C069000100010002A30000045BBD5B8B0000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{54FA624A-F6A2-4966-92B8-8C9D6D9D2E06}",
"EventReceivedTime": "2021-09-16T20:12:37.345384-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:36.325231-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "91.189.91.139",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "connectivity-check.ubuntu.com.",
"QTYPE": "28",
"QXID": "59228",
"XID": "34001",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "58",
"PacketData": "0x84D10000000100000000000112636F6E6E65637469766974792D636865636B067562756E747503636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{54FA624A-F6A2-4966-92B8-8C9D6D9D2E06}",
"EventReceivedTime": "2021-09-16T20:12:37.345384-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:36.365531-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "91.189.91.139",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "connectivity-check.ubuntu.com.",
"QTYPE": "28",
"XID": "34001",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "119",
"PacketData": "0x84D18400000100000001000112636F6E6E65637469766974792D636865636B067562756E747503636F6D00001C0001C01F0006000100000E100031036E73310963616E6F6E6963616CC0260A686F73746D6173746572C03F7849112A00002A3000000E1000093A8000000E100000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{54FA624A-F6A2-4966-92B8-8C9D6D9D2E06}",
"EventReceivedTime": "2021-09-16T20:12:37.345384-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:36.365682-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "connectivity-check.ubuntu.com.",
"QTYPE": "28",
"XID": "59228",
"DNSSEC": "0",
"RCODE": "0",
"Port": "45652",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "108",
"PacketData": "0xE75C8180000100000001000012636F6E6E65637469766974792D636865636B067562756E747503636F6D00001C0001C01F00060001000003840031036E73310963616E6F6E6963616CC0260A686F73746D6173746572C03F7849112A00002A3000000E1000093A8000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "66",
"GUID": "{54FA624A-F6A2-4966-92B8-8C9D6D9D2E06}",
"EventReceivedTime": "2021-09-16T20:12:37.345384-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:36.366230-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "connectivity-check.ubuntu.com.example.com.",
"QTYPE": "28",
"XID": "37382",
"Port": "33468",
"BufferSize": "59",
"PacketData": "0x92060100000100000000000012636F6E6E65637469766974792D636865636B067562756E747503636F6D076578616D706C6503636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{6A75540C-1E22-485E-844C-27D6A400E40C}",
"EventReceivedTime": "2021-09-16T20:12:37.345384-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:36.366326-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "1",
"AD": "0",
"QNAME": "connectivity-check.ubuntu.com.example.com.",
"QTYPE": "28",
"XID": "37382",
"DNSSEC": "0",
"RCODE": "3",
"Port": "33468",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "131",
"PacketData": "0x92068583000100000001000012636F6E6E65637469766974792D636865636B067562756E747503636F6D076578616D706C6503636F6D00001C0001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001500000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{6A75540C-1E22-485E-844C-27D6A400E40C}",
"EventReceivedTime": "2021-09-16T20:12:37.345384-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:42.474176-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "64014",
"Port": "48977",
"BufferSize": "41",
"PacketData": "0xFA0E010000010000000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{275AC71A-C4F9-4036-AE9E-192A25BD7111}",
"EventReceivedTime": "2021-09-16T20:12:43.486034-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:42.474258-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"Port": "48977",
"XID": "64014",
"BufferSize": "41",
"PacketData": "0xFA0E818000010001000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:12:43.486034-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:42.474463-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"QXID": "64014",
"XID": "40536",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "87",
"PacketData": "0x9E58000000010000000000012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{275AC71A-C4F9-4036-AE9E-192A25BD7111}",
"EventReceivedTime": "2021-09-16T20:12:43.486034-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:42.474498-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "64260",
"Port": "48977",
"BufferSize": "41",
"PacketData": "0xFB04010000010000000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{A5623219-490E-455F-823F-6BB2C3DB6E14}",
"EventReceivedTime": "2021-09-16T20:12:43.486034-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:42.474524-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"Port": "48977",
"XID": "64260",
"BufferSize": "41",
"PacketData": "0xFB04818000010001000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:12:43.486034-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:42.474772-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"QXID": "64260",
"XID": "33102",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "87",
"PacketData": "0x814E000000010000000000012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{A5623219-490E-455F-823F-6BB2C3DB6E14}",
"EventReceivedTime": "2021-09-16T20:12:43.486034-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:42.493884-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"XID": "40536",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "260",
"PacketData": "0x9E58840000010005000000012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D0000010001C00C0001000100000004000436ED8551C00C0001000100000004000412CDDE80C00C0001000100000004000434CAA841C00C0001000100000004000436A1F12EC00C002E000100000004006100010D03000000046145592A6142B62AAE90096865726F6B75646E7303636F6D0052B6042571C23CD1B696D13079FC31EB74A14A9EB9C6FDEBA65A807F7F13AD042162FFAAAF421E7682642B4FD885091C26E439659040F90A7A61E3FE1FBDC47300002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{275AC71A-C4F9-4036-AE9E-192A25BD7111}",
"EventReceivedTime": "2021-09-16T20:12:43.501926-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:42.494508-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "64014",
"DNSSEC": "0",
"RCODE": "0",
"Port": "48977",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "174",
"PacketData": "0xFA0E818000010005000000000A636C69656E742D61706908687562737461666603636F6D0000010001C00C000500010000090D00392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020C0350001000100000003000436ED8551C0350001000100000003000412CDDE80C0350001000100000003000434CAA841C0350001000100000003000436A1F12E",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "21",
"GUID": "{275AC71A-C4F9-4036-AE9E-192A25BD7111}",
"EventReceivedTime": "2021-09-16T20:12:43.501926-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:42.494575-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"XID": "33102",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "452",
"PacketData": "0x814E840000010000000400012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D00001C0001C039000600010000000A003504646E733103703035056E736F6E65036E6574000A686F73746D6173746572C061614407990000025800000384001275000000000AC039002E00010000000A006100060D020000003C6145592A6142B62AAE90096865726F6B75646E7303636F6D00DBCF54ABCCC3D4301F0731EEB077C92B9831E890775728C2E7A9ABBFD40233CF096DF5FA7A75CAAF6760CFA66678DC7A690C0F114056656FE669D14732791C49C00C002F00010000000A004601002C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D000006400000000003C00C002E00010000000A0061002F0D030000000A6145592A6142B62AAE90096865726F6B75646E7303636F6D00AC04F359D4273E5663DE70728906CC01A6A28AF1600D8A1480C830FAC74C8767E653537EDD609BC096137D296E9C6EDA44BF4C16A4DF1BAB69A96B8D9C51DB2D00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{A5623219-490E-455F-823F-6BB2C3DB6E14}",
"EventReceivedTime": "2021-09-16T20:12:43.501926-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:42.495160-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "64260",
"DNSSEC": "0",
"RCODE": "0",
"Port": "48977",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "110",
"PacketData": "0xFB04818000010001000000000A636C69656E742D61706908687562737461666603636F6D00001C0001C00C000500010000090D00392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "20",
"GUID": "{A5623219-490E-455F-823F-6BB2C3DB6E14}",
"EventReceivedTime": "2021-09-16T20:12:43.501926-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:43.264759-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "6498",
"Port": "36625",
"BufferSize": "41",
"PacketData": "0x1962010000010000000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{390576FA-EFDA-4853-BDF4-2AA6725248FC}",
"EventReceivedTime": "2021-09-16T20:12:43.501926-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:43.264788-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"Port": "36625",
"XID": "6498",
"BufferSize": "41",
"PacketData": "0x1962818000010001000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:12:43.501926-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:43.264854-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "6498",
"DNSSEC": "0",
"RCODE": "0",
"Port": "36625",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "174",
"PacketData": "0x1962818000010005000000000A636C69656E742D61706908687562737461666603636F6D0000010001C00C000500010000090C00392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020C0350001000100000002000412CDDE80C0350001000100000002000434CAA841C0350001000100000002000436A1F12EC0350001000100000002000436ED8551",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{390576FA-EFDA-4853-BDF4-2AA6725248FC}",
"EventReceivedTime": "2021-09-16T20:12:43.501926-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:43.264872-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "42334",
"Port": "36625",
"BufferSize": "41",
"PacketData": "0xA55E010000010000000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{86FA94CA-3A68-46C6-AE73-63722A8FE647}",
"EventReceivedTime": "2021-09-16T20:12:43.501926-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:43.264882-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"Port": "36625",
"XID": "42334",
"BufferSize": "41",
"PacketData": "0xA55E818000010001000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:12:43.501926-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:43.264914-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "42334",
"DNSSEC": "0",
"RCODE": "0",
"Port": "36625",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "175",
"PacketData": "0xA55E818000010001000100000A636C69656E742D61706908687562737461666603636F6D00001C0001C00C000500010000090C00392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020C0620006000100000009003504646E733103703035056E736F6E65036E6574000A686F73746D6173746572C083614407990000025800000384001275000000000A",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{86FA94CA-3A68-46C6-AE73-63722A8FE647}",
"EventReceivedTime": "2021-09-16T20:12:43.501926-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:43.497782-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "1245",
"Port": "34264",
"BufferSize": "54",
"PacketData": "0x04DD010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{D322A169-7D2E-4814-8FDD-079D0180C781}",
"EventReceivedTime": "2021-09-16T20:12:44.486333-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:43.497828-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "1",
"Port": "34264",
"XID": "1245",
"BufferSize": "54",
"PacketData": "0x04DD818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:12:44.486333-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:43.498038-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "205.251.195.199",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "1",
"QXID": "1245",
"XID": "18472",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "49",
"PacketData": "0x4828000000010000000000010673332D312D7709616D617A6F6E61777303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{D322A169-7D2E-4814-8FDD-079D0180C781}",
"EventReceivedTime": "2021-09-16T20:12:44.486333-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:43.498106-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "13274",
"Port": "34264",
"BufferSize": "54",
"PacketData": "0x33DA010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{7B216F75-B7E7-455C-B9E0-02D284107990}",
"EventReceivedTime": "2021-09-16T20:12:44.486333-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:43.498416-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "28",
"Port": "34264",
"XID": "13274",
"BufferSize": "54",
"PacketData": "0x33DA818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:12:44.486333-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:43.498795-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2600:9000:5303:c700::1",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "28",
"QXID": "13274",
"XID": "14831",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "49",
"PacketData": "0x39EF000000010000000000010673332D312D7709616D617A6F6E61777303636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{7B216F75-B7E7-455C-B9E0-02D284107990}",
"EventReceivedTime": "2021-09-16T20:12:44.486333-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:43.527841-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "2600:9000:5303:c700::1",
"InterfaceIP": "::",
"AA": "1",
"AD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "28",
"XID": "14831",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "322",
"PacketData": "0x39EF842000010001000400090673332D312D7709616D617A6F6E61777303636F6D00001C0001C00C000500010000012500110473332D770975732D656173742D31C013C0130002000100000E100005027231C013C0130002000100000E100005027232C013C0130002000100000E100005027531C013C0130002000100000E100005027532C013C04F0001000100001C2B0004CDFBC01BC04F001C000100000DFF00102600900053001B000000000000000001C0600001000100001C2D0004CDFBC3C7C060001C000100000E1D0010260090005303C7000000000000000001C071000100010000070800049C9A400AC071001C000100000E09001020010502F3FF00000000000000000010C082000100010000070800049C9A410AC082001C000100000E170010261000A11014000000000000000000100000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{7B216F75-B7E7-455C-B9E0-02D284107990}",
"EventReceivedTime": "2021-09-16T20:12:44.486333-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:43.527907-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "28",
"Port": "34264",
"XID": "13274",
"BufferSize": "54",
"PacketData": "0x33DA818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:12:44.486333-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:43.528062-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "205.251.193.72",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "28",
"QXID": "13274",
"XID": "34945",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "57",
"PacketData": "0x8881000000010000000000010473332D770975732D656173742D3109616D617A6F6E61777303636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{7B216F75-B7E7-455C-B9E0-02D284107990}",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:43.536935-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "205.251.195.199",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "1",
"XID": "18472",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "322",
"PacketData": "0x4828842000010001000400090673332D312D7709616D617A6F6E61777303636F6D0000010001C00C000500010000012500110473332D770975732D656173742D31C013C0130002000100000E100005027231C013C0130002000100000E100005027232C013C0130002000100000E100005027531C013C0130002000100000E100005027532C013C04F0001000100001C2B0004CDFBC01BC04F001C000100000DFF00102600900053001B000000000000000001C0600001000100001C2D0004CDFBC3C7C060001C000100000E1D0010260090005303C7000000000000000001C071000100010000070800049C9A400AC071001C000100000E09001020010502F3FF00000000000000000010C082000100010000070800049C9A410AC082001C000100000E170010261000A11014000000000000000000100000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{D322A169-7D2E-4814-8FDD-079D0180C781}",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:43.536977-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "1",
"Port": "34264",
"XID": "1245",
"BufferSize": "54",
"PacketData": "0x04DD818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:43.537117-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "205.251.193.72",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "1",
"QXID": "1245",
"XID": "56924",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "46",
"PacketData": "0xDE5C000000010000000000000473332D770975732D656173742D3109616D617A6F6E61777303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{D322A169-7D2E-4814-8FDD-079D0180C781}",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:43.547379-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "205.251.193.72",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "28",
"XID": "34945",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "135",
"PacketData": "0x8881842000010000000100010473332D770975732D656173742D3109616D617A6F6E61777303636F6D00001C0001C00C00060001000038050042066E732D33323809617773646E732D3431C02511617773646E732D686F73746D617374657206616D617A6F6EC0250000000100001C200000038400127500000001250000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{7B216F75-B7E7-455C-B9E0-02D284107990}",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:43.547431-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "13274",
"DNSSEC": "0",
"RCODE": "0",
"Port": "34264",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "104",
"PacketData": "0x33DA818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001C00C000500010000A29000090673332D312D77C023C042000500010000012500110473332D770975732D656173742D31C023",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "50",
"GUID": "{7B216F75-B7E7-455C-B9E0-02D284107990}",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:43.556257-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "205.251.193.72",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "1",
"XID": "56924",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "199",
"PacketData": "0xDE5C840000010001000400000473332D770975732D656173742D3109616D617A6F6E61777303636F6D0000010001C00C0001000100000005000434D9A121C00C00020001000038050017076E732D3131373309617773646E732D3138036F726700C00C00020001000038050019076E732D3136323009617773646E732D313002636F02756B00C00C00020001000038050013066E732D33323809617773646E732D3431C025C00C00020001000038050016066E732D36373409617773646E732D3230036E657400",
"AdditionalInfo": ".",
"GUID": "{D322A169-7D2E-4814-8FDD-079D0180C781}",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:43.556406-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "1245",
"DNSSEC": "0",
"RCODE": "0",
"Port": "34264",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "120",
"PacketData": "0x04DD818000010003000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001C00C000500010000A29000090673332D312D77C023C042000500010000012500110473332D770975732D656173742D31C023C0570001000100000005000434D9A121",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "59",
"GUID": "{D322A169-7D2E-4814-8FDD-079D0180C781}",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:43.765084-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "64280",
"Port": "56406",
"BufferSize": "54",
"PacketData": "0xFB18010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{984BDA84-B327-415C-A3C1-8CCC54F90207}",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:43.765261-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "1",
"Port": "56406",
"XID": "64280",
"BufferSize": "54",
"PacketData": "0xFB18818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:43.765317-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "1",
"Port": "56406",
"XID": "64280",
"BufferSize": "54",
"PacketData": "0xFB18818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:43.766491-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "64280",
"DNSSEC": "0",
"RCODE": "0",
"Port": "56406",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "120",
"PacketData": "0xFB18818000010003000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001C00C000500010000A29000090673332D312D77C023C042000500010000012500110473332D770975732D656173742D31C023C0570001000100000005000434D9A121",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{984BDA84-B327-415C-A3C1-8CCC54F90207}",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:43.766576-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "46313",
"Port": "56406",
"BufferSize": "54",
"PacketData": "0xB4E9010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{AEA196C8-3446-436B-9B7F-AF98E6D87F35}",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:43.766628-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "28",
"Port": "56406",
"XID": "46313",
"BufferSize": "54",
"PacketData": "0xB4E9818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:43.766665-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "28",
"Port": "56406",
"XID": "46313",
"BufferSize": "54",
"PacketData": "0xB4E9818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:43.766841-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "46313",
"DNSSEC": "0",
"RCODE": "0",
"Port": "56406",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "182",
"PacketData": "0xB4E9818000010002000100001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001C00C000500010000A29000090673332D312D77C023C042000500010000012500110473332D770975732D656173742D31C023C05700060001000001250042066E732D33323809617773646E732D3431C02D11617773646E732D686F73746D617374657206616D617A6F6EC02D0000000100001C20000003840012750000000125",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{AEA196C8-3446-436B-9B7F-AF98E6D87F35}",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:44.030351-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "35113",
"Port": "45080",
"BufferSize": "41",
"PacketData": "0x8929010000010000000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{3F3FE6C2-CD79-4F24-813B-3A68DE3CE56A}",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:44.031526-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"Port": "45080",
"XID": "35113",
"BufferSize": "41",
"PacketData": "0x8929818000010001000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:44.031921-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "35113",
"DNSSEC": "0",
"RCODE": "0",
"Port": "45080",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "174",
"PacketData": "0x8929818000010005000000000A636C69656E742D61706908687562737461666603636F6D0000010001C00C000500010000090B00392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020C0350001000100000001000434CAA841C0350001000100000001000436A1F12EC0350001000100000001000436ED8551C0350001000100000001000412CDDE80",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "2",
"GUID": "{3F3FE6C2-CD79-4F24-813B-3A68DE3CE56A}",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:44.031957-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "19234",
"Port": "45080",
"BufferSize": "41",
"PacketData": "0x4B22010000010000000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{65DAA113-F7F4-4ADA-9172-13A673454E9E}",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:44.031977-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"Port": "45080",
"XID": "19234",
"BufferSize": "41",
"PacketData": "0x4B22818000010001000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:44.031977-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "19234",
"DNSSEC": "0",
"RCODE": "0",
"Port": "45080",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "175",
"PacketData": "0x4B22818000010001000100000A636C69656E742D61706908687562737461666603636F6D00001C0001C00C000500010000090B00392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020C0620006000100000008003504646E733103703035056E736F6E65036E6574000A686F73746D6173746572C083614407990000025800000384001275000000000A",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{65DAA113-F7F4-4ADA-9172-13A673454E9E}",
"EventReceivedTime": "2021-09-16T20:12:44.501722-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:44.504460-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "64238",
"Port": "42957",
"BufferSize": "54",
"PacketData": "0xFAEE010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{FF0C50BE-48CB-4C8E-A06B-4022100ED52E}",
"EventReceivedTime": "2021-09-16T20:12:45.487020-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:44.504495-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "1",
"Port": "42957",
"XID": "64238",
"BufferSize": "54",
"PacketData": "0xFAEE818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:12:45.487020-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:44.504509-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "1",
"Port": "42957",
"XID": "64238",
"BufferSize": "54",
"PacketData": "0xFAEE818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:12:45.487020-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:44.504586-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "64238",
"DNSSEC": "0",
"RCODE": "0",
"Port": "42957",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "120",
"PacketData": "0xFAEE818000010003000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001C00C000500010000A28F00090673332D312D77C023C042000500010000012400110473332D770975732D656173742D31C023C0570001000100000004000434D9A121",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{FF0C50BE-48CB-4C8E-A06B-4022100ED52E}",
"EventReceivedTime": "2021-09-16T20:12:45.487020-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:44.504614-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "19170",
"Port": "42957",
"BufferSize": "54",
"PacketData": "0x4AE2010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{04EAC2B9-F1B4-4B20-904F-CBE4FAB10692}",
"EventReceivedTime": "2021-09-16T20:12:45.502574-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:44.504660-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "28",
"Port": "42957",
"XID": "19170",
"BufferSize": "54",
"PacketData": "0x4AE2818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:12:45.502574-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:44.504674-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "28",
"Port": "42957",
"XID": "19170",
"BufferSize": "54",
"PacketData": "0x4AE2818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:12:45.502574-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:44.504927-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "19170",
"DNSSEC": "0",
"RCODE": "0",
"Port": "42957",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "182",
"PacketData": "0x4AE2818000010002000100001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001C00C000500010000A28F00090673332D312D77C023C042000500010000012400110473332D770975732D656173742D31C023C05700060001000001240042066E732D33323809617773646E732D3431C02D11617773646E732D686F73746D617374657206616D617A6F6EC02D0000000100001C20000003840012750000000125",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{04EAC2B9-F1B4-4B20-904F-CBE4FAB10692}",
"EventReceivedTime": "2021-09-16T20:12:45.502574-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:44.676557-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "7834",
"Port": "59029",
"BufferSize": "54",
"PacketData": "0x1E9A010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{F9636608-0EDE-4A4E-9E3D-C996845DFEDE}",
"EventReceivedTime": "2021-09-16T20:12:45.502574-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:44.676577-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "1",
"Port": "59029",
"XID": "7834",
"BufferSize": "54",
"PacketData": "0x1E9A818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:12:45.502574-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:44.676583-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "1",
"Port": "59029",
"XID": "7834",
"BufferSize": "54",
"PacketData": "0x1E9A818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:12:45.502574-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:44.676623-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "7834",
"DNSSEC": "0",
"RCODE": "0",
"Port": "59029",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "120",
"PacketData": "0x1E9A818000010003000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001C00C000500010000A28F00090673332D312D77C023C042000500010000012400110473332D770975732D656173742D31C023C0570001000100000004000434D9A121",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{F9636608-0EDE-4A4E-9E3D-C996845DFEDE}",
"EventReceivedTime": "2021-09-16T20:12:45.502574-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:44.676634-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "14740",
"Port": "59029",
"BufferSize": "54",
"PacketData": "0x3994010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{C91EFC13-D5AE-4EB3-BF7A-738958DD78CA}",
"EventReceivedTime": "2021-09-16T20:12:45.502574-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:44.676641-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "28",
"Port": "59029",
"XID": "14740",
"BufferSize": "54",
"PacketData": "0x3994818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:12:45.502574-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:44.676688-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "28",
"Port": "59029",
"XID": "14740",
"BufferSize": "54",
"PacketData": "0x3994818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:12:45.517626-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:44.676726-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "14740",
"DNSSEC": "0",
"RCODE": "0",
"Port": "59029",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "182",
"PacketData": "0x3994818000010002000100001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001C00C000500010000A28F00090673332D312D77C023C042000500010000012400110473332D770975732D656173742D31C023C05700060001000001240042066E732D33323809617773646E732D3431C02D11617773646E732D686F73746D617374657206616D617A6F6EC02D0000000100001C20000003840012750000000125",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{C91EFC13-D5AE-4EB3-BF7A-738958DD78CA}",
"EventReceivedTime": "2021-09-16T20:12:45.517626-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:44.979317-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "3925",
"Port": "45802",
"BufferSize": "41",
"PacketData": "0x0F55010000010000000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{D5D73879-9E54-44DD-93A5-C8A1F2B131B5}",
"EventReceivedTime": "2021-09-16T20:12:45.517626-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:44.979374-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"Port": "45802",
"XID": "3925",
"BufferSize": "41",
"PacketData": "0x0F55818000010001000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:12:45.517626-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:44.979778-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "3925",
"DNSSEC": "0",
"RCODE": "0",
"Port": "45802",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "174",
"PacketData": "0x0F55818000010005000000000A636C69656E742D61706908687562737461666603636F6D0000010001C00C000500010000090A00392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020C0350001000100000000000436A1F12EC0350001000100000000000436ED8551C0350001000100000000000412CDDE80C0350001000100000000000434CAA841",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{D5D73879-9E54-44DD-93A5-C8A1F2B131B5}",
"EventReceivedTime": "2021-09-16T20:12:45.517626-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:44.979858-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "39004",
"Port": "45802",
"BufferSize": "41",
"PacketData": "0x985C010000010000000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{36B3B03A-C5B4-43F5-83F6-FD7D7B9C8687}",
"EventReceivedTime": "2021-09-16T20:12:45.517626-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:44.980062-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"Port": "45802",
"XID": "39004",
"BufferSize": "41",
"PacketData": "0x985C818000010001000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:12:45.517626-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:44.980191-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "39004",
"DNSSEC": "0",
"RCODE": "0",
"Port": "45802",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "175",
"PacketData": "0x985C818000010001000100000A636C69656E742D61706908687562737461666603636F6D00001C0001C00C000500010000090A00392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020C0620006000100000007003504646E733103703035056E736F6E65036E6574000A686F73746D6173746572C083614407990000025800000384001275000000000A",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{36B3B03A-C5B4-43F5-83F6-FD7D7B9C8687}",
"EventReceivedTime": "2021-09-16T20:12:45.517626-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:45.272092-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "51519",
"Port": "37631",
"BufferSize": "54",
"PacketData": "0xC93F010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{CCCBB7E3-A965-4F77-A61C-1171824162B2}",
"EventReceivedTime": "2021-09-16T20:12:45.517626-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:45.272756-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "1",
"Port": "37631",
"XID": "51519",
"BufferSize": "54",
"PacketData": "0xC93F818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:12:45.517626-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:45.272798-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "1",
"Port": "37631",
"XID": "51519",
"BufferSize": "54",
"PacketData": "0xC93F818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:12:45.517626-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:45.272984-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "51519",
"DNSSEC": "0",
"RCODE": "0",
"Port": "37631",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "120",
"PacketData": "0xC93F818000010003000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001C00C000500010000A28E00090673332D312D77C023C042000500010000012300110473332D770975732D656173742D31C023C0570001000100000003000434D9A121",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{CCCBB7E3-A965-4F77-A61C-1171824162B2}",
"EventReceivedTime": "2021-09-16T20:12:45.517626-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:45.273047-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "26934",
"Port": "37631",
"BufferSize": "54",
"PacketData": "0x6936010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{3BBA1060-E992-4D4E-8A5A-DB21BBF304BC}",
"EventReceivedTime": "2021-09-16T20:12:45.517626-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:45.273087-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "28",
"Port": "37631",
"XID": "26934",
"BufferSize": "54",
"PacketData": "0x6936818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:12:45.517626-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:45.273298-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "28",
"Port": "37631",
"XID": "26934",
"BufferSize": "54",
"PacketData": "0x6936818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:12:45.517626-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:45.273993-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "26934",
"DNSSEC": "0",
"RCODE": "0",
"Port": "37631",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "182",
"PacketData": "0x6936818000010002000100001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001C00C000500010000A28E00090673332D312D77C023C042000500010000012300110473332D770975732D656173742D31C023C05700060001000001230042066E732D33323809617773646E732D3431C02D11617773646E732D686F73746D617374657206616D617A6F6EC02D0000000100001C20000003840012750000000125",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{3BBA1060-E992-4D4E-8A5A-DB21BBF304BC}",
"EventReceivedTime": "2021-09-16T20:12:45.517626-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:45.489431-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "27544",
"Port": "34113",
"BufferSize": "54",
"PacketData": "0x6B98010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{917D8F95-15EC-47EB-8C66-98EEE2B879DA}",
"EventReceivedTime": "2021-09-16T20:12:46.517471-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:45.489884-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "1",
"Port": "34113",
"XID": "27544",
"BufferSize": "54",
"PacketData": "0x6B98818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:12:46.517471-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:45.489931-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "1",
"Port": "34113",
"XID": "27544",
"BufferSize": "54",
"PacketData": "0x6B98818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:12:46.517471-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:45.490196-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "27544",
"DNSSEC": "0",
"RCODE": "0",
"Port": "34113",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "120",
"PacketData": "0x6B98818000010003000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001C00C000500010000A28E00090673332D312D77C023C042000500010000012300110473332D770975732D656173742D31C023C0570001000100000003000434D9A121",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{917D8F95-15EC-47EB-8C66-98EEE2B879DA}",
"EventReceivedTime": "2021-09-16T20:12:46.517471-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:45.490302-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "39811",
"Port": "34113",
"BufferSize": "54",
"PacketData": "0x9B83010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{059980B7-57EC-43D5-BF51-5BCEDA28F342}",
"EventReceivedTime": "2021-09-16T20:12:46.517471-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:45.490530-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "28",
"Port": "34113",
"XID": "39811",
"BufferSize": "54",
"PacketData": "0x9B83818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:12:46.517471-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:45.490557-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "28",
"Port": "34113",
"XID": "39811",
"BufferSize": "54",
"PacketData": "0x9B83818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:12:46.517471-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:45.490713-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "39811",
"DNSSEC": "0",
"RCODE": "0",
"Port": "34113",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "182",
"PacketData": "0x9B83818000010002000100001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001C00C000500010000A28E00090673332D312D77C023C042000500010000012300110473332D770975732D656173742D31C023C05700060001000001230042066E732D33323809617773646E732D3431C02D11617773646E732D686F73746D617374657206616D617A6F6EC02D0000000100001C20000003840012750000000125",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{059980B7-57EC-43D5-BF51-5BCEDA28F342}",
"EventReceivedTime": "2021-09-16T20:12:46.517471-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:45.852229-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "4311",
"Port": "57041",
"BufferSize": "54",
"PacketData": "0x10D7010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{4DB99BE5-7A67-453F-A641-D6105D4478B4}",
"EventReceivedTime": "2021-09-16T20:12:46.517471-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:45.852250-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "1",
"Port": "57041",
"XID": "4311",
"BufferSize": "54",
"PacketData": "0x10D7818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:12:46.517471-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:45.852256-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "1",
"Port": "57041",
"XID": "4311",
"BufferSize": "54",
"PacketData": "0x10D7818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:12:46.517471-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:45.852856-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "4311",
"DNSSEC": "0",
"RCODE": "0",
"Port": "57041",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "120",
"PacketData": "0x10D7818000010003000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001C00C000500010000A28E00090673332D312D77C023C042000500010000012300110473332D770975732D656173742D31C023C0570001000100000003000434D9A121",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{4DB99BE5-7A67-453F-A641-D6105D4478B4}",
"EventReceivedTime": "2021-09-16T20:12:46.517471-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:45.852894-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "63698",
"Port": "57041",
"BufferSize": "54",
"PacketData": "0xF8D2010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{563CF91E-92FE-47DE-9BB8-466D045F2EE0}",
"EventReceivedTime": "2021-09-16T20:12:46.517471-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:45.852902-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "28",
"Port": "57041",
"XID": "63698",
"BufferSize": "54",
"PacketData": "0xF8D2818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:12:46.517471-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:45.852907-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "28",
"Port": "57041",
"XID": "63698",
"BufferSize": "54",
"PacketData": "0xF8D2818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:12:46.535659-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:45.852997-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "63698",
"DNSSEC": "0",
"RCODE": "0",
"Port": "57041",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "182",
"PacketData": "0xF8D2818000010002000100001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001C00C000500010000A28E00090673332D312D77C023C042000500010000012300110473332D770975732D656173742D31C023C05700060001000001230042066E732D33323809617773646E732D3431C02D11617773646E732D686F73746D617374657206616D617A6F6EC02D0000000100001C20000003840012750000000125",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{563CF91E-92FE-47DE-9BB8-466D045F2EE0}",
"EventReceivedTime": "2021-09-16T20:12:46.535659-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:46.061401-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "23629",
"Port": "54259",
"BufferSize": "54",
"PacketData": "0x5C4D010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{8615DAFB-4CAB-420B-A642-A83D00C49397}",
"EventReceivedTime": "2021-09-16T20:12:46.535659-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:46.061428-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "1",
"Port": "54259",
"XID": "23629",
"BufferSize": "54",
"PacketData": "0x5C4D818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:12:46.535659-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:46.061437-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "1",
"Port": "54259",
"XID": "23629",
"BufferSize": "54",
"PacketData": "0x5C4D818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:12:46.535659-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:46.061491-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "1",
"XID": "23629",
"DNSSEC": "0",
"RCODE": "0",
"Port": "54259",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "120",
"PacketData": "0x5C4D818000010003000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D0000010001C00C000500010000A28D00090673332D312D77C023C042000500010000012200110473332D770975732D656173742D31C023C0570001000100000002000434D9A121",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{8615DAFB-4CAB-420B-A642-A83D00C49397}",
"EventReceivedTime": "2021-09-16T20:12:46.535659-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:46.061506-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "38729",
"Port": "54259",
"BufferSize": "54",
"PacketData": "0x9749010000010000000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{F9879E7A-9EAC-47D0-A440-793835429B2B}",
"EventReceivedTime": "2021-09-16T20:12:46.535659-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:46.061514-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-1-w.amazonaws.com.",
"QTYPE": "28",
"Port": "54259",
"XID": "38729",
"BufferSize": "54",
"PacketData": "0x9749818000010001000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:12:46.535659-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:12:46.061519-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "s3-w.us-east-1.amazonaws.com.",
"QTYPE": "28",
"Port": "54259",
"XID": "38729",
"BufferSize": "54",
"PacketData": "0x9749818000010002000000001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:12:46.535659-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:46.061681-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "hubstaff-production.s3.amazonaws.com.",
"QTYPE": "28",
"XID": "38729",
"DNSSEC": "0",
"RCODE": "0",
"Port": "54259",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "182",
"PacketData": "0x9749818000010002000100001368756273746166662D70726F64756374696F6E02733309616D617A6F6E61777303636F6D00001C0001C00C000500010000A28D00090673332D312D77C023C042000500010000012200110473332D770975732D656173742D31C023C05700060001000001220042066E732D33323809617773646E732D3431C02D11617773646E732D686F73746D617374657206616D617A6F6EC02D0000000100001C20000003840012750000000125",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{F9879E7A-9EAC-47D0-A440-793835429B2B}",
"EventReceivedTime": "2021-09-16T20:12:46.535659-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:46.095006-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "tick.nsit.gov.",
"QTYPE": "1",
"XID": "40356",
"Port": "52697",
"BufferSize": "31",
"PacketData": "0x9DA401000001000000000000047469636B046E73697403676F760000010001",
"AdditionalInfo": ".",
"GUID": "{9E3CFB6A-2611-4FC2-8935-CD0873E30BA0}",
"EventReceivedTime": "2021-09-16T20:12:46.535659-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:46.095190-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:503:c27::2:30",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "tick.nsit.gov.",
"QTYPE": "1",
"QXID": "40356",
"XID": "64668",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "42",
"PacketData": "0xFC9C00000001000000000001047469636B046E73697403676F7600000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{9E3CFB6A-2611-4FC2-8935-CD0873E30BA0}",
"EventReceivedTime": "2021-09-16T20:12:46.535659-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:46.350779-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2001:503:c27::2:30",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "tick.nsit.gov.",
"QTYPE": "1",
"XID": "64668",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "632",
"PacketData": "0xFC9C80000001000000060009047469636B046E73697403676F760000010001C016000200010002A300001301610B676F762D73657276657273036E657400C016000200010002A30000040162C02DC016000200010002A30000040163C02DC016000200010002A30000040164C02DC016002B00010001518000241E1208026BC949E638442EAD0BDAF0935763C8D003760384FF15EBBD5CE86BB5559561F0C016002E0001000151800113002B08010001518061549B9061436A0068D60010F34DDC000F6D8A8E4C72B50BB1B1E2F1D699782CABA2731CA256427E46C491E9DAAEDDB3584FA4EDDBF3924839842BAB89B0A1C1AFA76CBC7A92822053ECC2EE91A5106D8E88607ED571843C2FE1ECE52650D417829E71A00BABBD0C9D60E884A6DD2EDCAA985CF14EF8DED3CB9F739E7FDCBC834CB4E10C1DE073E368C5F2404E46D6CC6D7CD55F242298285CBE09FDE8266E1EADB67C3E3CE288CE5E15B63EDAC080B29B4BCF62290666EAED3CFC02A24A922437FFC42FD6F4B4568FE10CF4C7698847EC64C8A1371016A159503269F60A9C1E0A9643636DC069E61E143776C3D4C1734242EF127C5892B00665103CAF337C85E8347CA82067611494CB16C02B000100010002A300000445249D1EC04A000100010002A3000004D1707B1EC05A000100010002A30000044524991EC06A000100010002A30000045113C21EC02B001C00010002A300001020010500443100000000000000020030C04A001C00010002A300001026200074002700000000000000020030C05A001C00010002A300001026200074002800000000000000020030C06A001C00010002A30000102620007400290000000000000002003000002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{9E3CFB6A-2611-4FC2-8935-CD0873E30BA0}",
"EventReceivedTime": "2021-09-16T20:12:46.535659-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:46.350973-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2620:74:28::2:30",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "tick.nsit.gov.",
"QTYPE": "1",
"QXID": "40356",
"XID": "20638",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "42",
"PacketData": "0x509E00000001000000000001047469636B046E73697403676F7600000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{9E3CFB6A-2611-4FC2-8935-CD0873E30BA0}",
"EventReceivedTime": "2021-09-16T20:12:46.535659-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:46.403857-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33795",
"TCP": "0",
"Source": "2620:74:28::2:30",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "tick.nsit.gov.",
"QTYPE": "1",
"XID": "20638",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "1142",
"PacketData": "0x509E84030001000000080001047469636B046E73697403676F760000010001C0160006000100015180003E01610B676F762D73657276657273036E65740004696E666F0C766572697369676E2D67727303636F6D006144073A00000E1000000384001BAF8000015180C016002E00010001518000B70006080100015180614D23426143E8C2E18703676F7600189ACBFBFC0C187C04531AADC2297C122BE47F3A8055ABC01C62B0D6FAC0283FF1BD6142CB35A55C71A19CC951F6442FF0C72D1AC1D23DF966FCC32CE4CAB352F98EF54E3F35F4EAA53E307629720EB6567526CC478BB443496F253E097760D68F6B7912F75DE10C6918B95A1594739E136B403DEF11EE1E2C03DC06CBAA012CB0A6810104746E08E84E9CC7C118CDCDB1CD40E5ACB31D4DAE923E2AAC477CA4203537384554313653374C544E5351315430414D4D3231474C32304F4A35473736C0160032000100015180002901000008064C44934802D31429D112DFA274B51174CC776B772EFDA945D03BA8000722000000000290C12C002E00010001518000B70032080200015180614ADDFD6141A37DE18703676F76008AC8BFAE82018E26F98C45E9084CAD1C0E0FE683B5D6B4D05B42D3BB9ACDB8E389F88E5513FE05D66B57FC66DFC515158A96A074C489CD9A7CB26FC3837990614C8094AA66B47B1E465ED9F66DE1A7F7FDCBF1376B36BAD3FF8225E1418269E7A2CEE76BD26F8A25834FC2A164C869E3A683B540274570EE8DB42FA51350FCD07FEF3F206D28C9EF4FD8103CCEF99E3404183B8276EE99BD45FF9BFA6EA94D782064336D6E61343965353067696775333331747074616C72313767386F35706370C0160032000100015180002301000008064C44934802D314691B6897875C2E2079B9BCB7EBD9B97371E33051000120C245002E00010001518000B70032080200015180614ADE2C6141A3ACE18703676F7600B1F94A3C9401F4285AC7E5A3D9DEF422045ADB778C504ECF66F56FA55DEE00ED5D89968E2A2297E556D45FC2BC1AD0C2BF7DB660A1804AD69CB3F2073E2C8166AE6D01EE4B1B27D14949E58913D4419F06C741AAAE37E32CEF3A6519CABF93D2DFFE9661643CFCE5698F010FC1B56FC516F77EEC09990410E2ACFF5286EA9FA31D767842B5C650371114E7D79D83D80C8E3CC3C957A06D4C0CB32BA905E8139F206B61363930666E61746E69716964373870766A6838623239746234703362696FC0160032000100015180002301000008064C44934802D314A2B2F0363F82B9E23B04B7CDC2D32551537AACFA000120C358002E00010001518000B70032080200015180614ADDEA6141A36AE18703676F7600217CB7C01013B21A933D7FCECCBE158FFD221FAE98737FBEE5EDA7486D26AA018CC27EC4361D71AB2047E04BE47750C9AAB048DC3E3F4940E1DF8554099D62B008E57590910B4F9AB9664CD6075B289DB6CBF83EC1ED2A3C23F1CD44069F565ECF9F632FD50C0E82D07BE6D897F0B2D749B45114EB045E8BBEF81046CE8D27824023FBDC4CD44111A7CCBAE4A1EA38BF12B8BCD419CC4A8988536AE10E28A1840000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{9E3CFB6A-2611-4FC2-8935-CD0873E30BA0}",
"EventReceivedTime": "2021-09-16T20:12:46.535659-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:46.403989-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33155",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "tick.nsit.gov.",
"QTYPE": "1",
"XID": "40356",
"DNSSEC": "0",
"RCODE": "3",
"Port": "52697",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "105",
"PacketData": "0x9DA481830001000000010000047469636B046E73697403676F760000010001C0160006000100000384003E01610B676F762D73657276657273036E65740004696E666F0C766572697369676E2D67727303636F6D006144073A00000E1000000384001BAF8000015180",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "309",
"GUID": "{9E3CFB6A-2611-4FC2-8935-CD0873E30BA0}",
"EventReceivedTime": "2021-09-16T20:12:46.548738-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:51.259501-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "tick.nist.gov.",
"QTYPE": "1",
"XID": "61249",
"Port": "60794",
"BufferSize": "31",
"PacketData": "0xEF4101000001000000000000047469636B046E69737403676F760000010001",
"AdditionalInfo": ".",
"GUID": "{4B1B1E44-5984-4526-B89D-04219F46C694}",
"EventReceivedTime": "2021-09-16T20:12:52.252259-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:51.259652-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "209.112.123.30",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "tick.nist.gov.",
"QTYPE": "1",
"QXID": "61249",
"XID": "64412",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "42",
"PacketData": "0xFB9C00000001000000000001047469636B046E69737403676F7600000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{4B1B1E44-5984-4526-B89D-04219F46C694}",
"EventReceivedTime": "2021-09-16T20:12:52.252259-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:51.296938-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "209.112.123.30",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "tick.nist.gov.",
"QTYPE": "1",
"XID": "64412",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "718",
"PacketData": "0xFB9C800000010000000A000B047469636B046E69737403676F760000010001C0110002000100015180000603676561C011C011000200010001518000070467656132C011C0110002000100015180000603626561C011C011000200010001518000070467656133C011C011000200010001518000070462656132C011C011002B000100000E100018CD23070141FB8043F5695CD3FB4B19CB4FF7083524ADEC59C011002B000100000E10002484DE0702F378CDAF7B41BEA12CA2732A8E203DFC8458331B6FB9EA8A666ABEAC4DE1DEF0C011002B000100000E100024CD23070289558E424B73D58C2F0CE91B0380B23016CADEE8F5FA3C9554814C406F954F1DC011002B000100000E10001884DE0701CE7F1942DE1C96F123FD32C7A46524CC75AC8B8CC011002E000100000E1000B7002B080200000E10614ADDF36141A373E18703676F76004BB1A810F742C19BAFE8A9B4B6B167DE8185C47B2680D6DD5EB72F2C6D69CCD201C0EC30AD44E8ED8D13A2D21B129ADED1F4221E5DBB0EDD2D2CAFA3886765B00CF9A04ED4039CEDC96AEBD3F3DC51D536CCB022C858EDE95B63CB248F4ADA9EBD79E25BAA0ECB5F31AB7DEB99D4FE1DEBD9484BC8B2153AE253D14FEF5D573E3720AA03ED25A85FB18B10855D5E368180657469E9447D4FC3BBB89E78DD6E23C02B0001000100015180000481060D03C02B001C000100015180001026100020600500130000000000000003C03D0001000100015180000481060D04C03D001C000100015180001026100020600500130000000000000004C0500001000100015180000484A3040AC050001C0001000151800010261000206B0100040000000000000010C0620001000100015180000481060EC1C062001C000100015180001026100020600521920000000000000193C0750001000100015180000484A3040BC075001C0001000151800010261000206B01000400000000000000110000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{4B1B1E44-5984-4526-B89D-04219F46C694}",
"EventReceivedTime": "2021-09-16T20:12:52.252259-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:51.298067-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2610:20:6005:13::4",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "tick.nist.gov.",
"QTYPE": "1",
"QXID": "61249",
"XID": "995",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "42",
"PacketData": "0x03E300000001000000000001047469636B046E69737403676F7600000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{4B1B1E44-5984-4526-B89D-04219F46C694}",
"EventReceivedTime": "2021-09-16T20:12:52.252259-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:51.335675-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2610:20:6005:13::4",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "tick.nist.gov.",
"QTYPE": "1",
"XID": "995",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "1037",
"PacketData": "0x03E384000001000000080001047469636B046E69737403676F760000010001203455384A55504B304D42384D5349444E37545352534F4B4D3050564D354E4946C011003200010000012C00300100000A0D44854351BF7744A000C2D5F07714279AB9597ACDB55AF53CA6BCE7B1AC8E6EAD608B000762018008000290C01F002E00010000012C009C003207030000012C614C09C06142CA46C551046E69737403676F76004A13D193D395D5E7DE5D54EA92B09AFCEA70CD3A30C4BABF254D8B7E3ABB132D2D0D2C3198371ADC4F894F2672E76551BB63E34724ACC1649891A4ED25BC849054F34F366F82BD6C62751C0AD2534D36101CC5D8C666D0CF2021AEEC8B810EC7DF28D023CD198B05D7AA8829E2EA3716C61E8414F58F0A6A29D96CA5316332A420414135394946354A4D51364652414C4945465241435151525538394D4C514B37C09A003200010000012C002F0100000A0D44854351BF7744A000C2D5F07714529EFAAD2463EAEFF518AF690E808B6912EEA67C0006000080000002C124002E00010000012C009C003207030000012C614C19156142DDD5C551046E69737403676F76007544A630AD5E30265C55E82B67F9249AB9246B0808C91B5B633DA26F7409521A58739F37204399C583936AA264E5B98562C8EF19E8F705439761E48C27B1218E82D2D7AD72B04C29D4488EB93EF18CBBA4F568E88827D00DD6F0F67FF12CB71CB7364AB68125086DB1010F249F455C221A0D512A05D2A53B89F097FCC44E42F620424C4B543850383438365439493435353331454F555541534941365532313053C19E003200010000012C002F0100000A0D44854351BF7744A000C2D5F077145D6CEABFBEAFF6A73A38903FE2AE5D63FE1960060006000080000002C228002E00010000012C009C003207030000012C614C24696142DC20C551046E69737403676F7600A52E7A9379F15D935963CCD8508003629DBACEAEE5076C1DAF6691C766C5D4CED28136386274D8CA33D2CBF7072B16B502EA2AC1A124B90FD69EDFFE9037C5879C1C48D8B7AF3C41E4CA367C74B33531113436E773F809203250DC1E40C41AE94116CF8E04073B2302F72542E46385F5809BCD56EB4E32CDCC337883CE2DC412C2A2000600010000012C002202676DC2A2066E65746F7073C2A2002D182400002A30000004380024EA000000012CC2A2002E00010000012C009C0006070200000708614D3E266143F596C551046E69737403676F76007FB12C9486F3C045E9654D44E2D6F00F43838EA076FF3109D4356B728ED1678BF97783DC48CEE31A9C4FC91DDDD1EC5A702ADC1E8C88D8F14D00096A366ED8DC46F6FC6E2E996CEADF82E1F5D5E12B5E70C4C4B4B7A695782F2A85AC467E17881D1CD97EDFAB941BC4176E482F3F710A80F83095C77EE19ECE4563029EBAD9290000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{4B1B1E44-5984-4526-B89D-04219F46C694}",
"EventReceivedTime": "2021-09-16T20:12:52.252259-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:51.335820-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "tick.nist.gov.",
"QTYPE": "1",
"XID": "61249",
"DNSSEC": "0",
"RCODE": "0",
"Port": "60794",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "77",
"PacketData": "0xEF4181800001000000010000047469636B046E69737403676F760000010001C011000600010000012B002202676DC011066E65746F7073C011002D182400002A30000004380024EA000000012C",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "77",
"GUID": "{4B1B1E44-5984-4526-B89D-04219F46C694}",
"EventReceivedTime": "2021-09-16T20:12:52.252259-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:12:51.336266-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "tick.nist.gov.",
"QTYPE": "28",
"XID": "49373",
"Port": "51652",
"BufferSize": "31",
"PacketData": "0xC0DD01000001000000000000047469636B046E69737403676F7600001C0001",
"AdditionalInfo": ".",
"GUID": "{3A26445D-6446-4A20-A35D-1C87EAF6B7B4}",
"EventReceivedTime": "2021-09-16T20:12:52.252259-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:12:51.336364-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "129.6.13.4",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "tick.nist.gov.",
"QTYPE": "28",
"QXID": "49373",
"XID": "52580",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "42",
"PacketData": "0xCD6400000001000000000001047469636B046E69737403676F7600001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{3A26445D-6446-4A20-A35D-1C87EAF6B7B4}",
"EventReceivedTime": "2021-09-16T20:12:52.252259-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:12:51.376102-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "129.6.13.4",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "tick.nist.gov.",
"QTYPE": "28",
"XID": "52580",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "1037",
"PacketData": "0xCD6484000001000000080001047469636B046E69737403676F7600001C0001203455384A55504B304D42384D5349444E37545352534F4B4D3050564D354E4946C011003200010000012C00300100000A0D44854351BF7744A000C2D5F07714279AB9597ACDB55AF53CA6BCE7B1AC8E6EAD608B000762018008000290C01F002E00010000012C009C003207030000012C614C09C06142CA46C551046E69737403676F76004A13D193D395D5E7DE5D54EA92B09AFCEA70CD3A30C4BABF254D8B7E3ABB132D2D0D2C3198371ADC4F894F2672E76551BB63E34724ACC1649891A4ED25BC849054F34F366F82BD6C62751C0AD2534D36101CC5D8C666D0CF2021AEEC8B810EC7DF28D023CD198B05D7AA8829E2EA3716C61E8414F58F0A6A29D96CA5316332A420414135394946354A4D51364652414C4945465241435151525538394D4C514B37C09A003200010000012C002F0100000A0D44854351BF7744A000C2D5F07714529EFAAD2463EAEFF518AF690E808B6912EEA67C0006000080000002C124002E00010000012C009C003207030000012C614C19156142DDD5C551046E69737403676F76007544A630AD5E30265C55E82B67F9249AB9246B0808C91B5B633DA26F7409521A58739F37204399C583936AA264E5B98562C8EF19E8F705439761E48C27B1218E82D2D7AD72B04C29D4488EB93EF18CBBA4F568E88827D00DD6F0F67FF12CB71CB7364AB68125086DB1010F249F455C221A0D512A05D2A53B89F097FCC44E42F620424C4B543850383438365439493435353331454F555541534941365532313053C19E003200010000012C002F0100000A0D44854351BF7744A000C2D5F077145D6CEABFBEAFF6A73A38903FE2AE5D63FE1960060006000080000002C228002E00010000012C009C003207030000012C614C24696142DC20C551046E69737403676F7600A52E7A9379F15D935963CCD8508003629DBACEAEE5076C1DAF6691C766C5D4CED28136386274D8CA33D2CBF7072B16B502EA2AC1A124B90FD69EDFFE9037C5879C1C48D8B7AF3C41E4CA367C74B33531113436E773F809203250DC1E40C41AE94116CF8E04073B2302F72542E46385F5809BCD56EB4E32CDCC337883CE2DC412C2A2000600010000012C002202676DC2A2066E65746F7073C2A2002D182400002A30000004380024EA000000012CC2A2002E00010000012C009C0006070200000708614D3E266143F596C551046E69737403676F76007FB12C9486F3C045E9654D44E2D6F00F43838EA076FF3109D4356B728ED1678BF97783DC48CEE31A9C4FC91DDDD1EC5A702ADC1E8C88D8F14D00096A366ED8DC46F6FC6E2E996CEADF82E1F5D5E12B5E70C4C4B4B7A695782F2A85AC467E17881D1CD97EDFAB941BC4176E482F3F710A80F83095C77EE19ECE4563029EBAD9290000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{3A26445D-6446-4A20-A35D-1C87EAF6B7B4}",
"EventReceivedTime": "2021-09-16T20:12:52.252259-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:12:51.382119-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "tick.nist.gov.",
"QTYPE": "28",
"XID": "49373",
"DNSSEC": "0",
"RCODE": "0",
"Port": "51652",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "77",
"PacketData": "0xC0DD81800001000000010000047469636B046E69737403676F7600001C0001C011000600010000012C002202676DC011066E65746F7073C011002D182400002A30000004380024EA000000012C",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "40",
"GUID": "{3A26445D-6446-4A20-A35D-1C87EAF6B7B4}",
"EventReceivedTime": "2021-09-16T20:12:52.252259-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:13:10.779204-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "tick.ntp.org.",
"QTYPE": "1",
"XID": "49787",
"Port": "55746",
"BufferSize": "30",
"PacketData": "0xC27B01000001000000000000047469636B036E7470036F72670000010001",
"AdditionalInfo": ".",
"GUID": "{CA42C32A-BC57-4BE2-9F94-97553BFCA3AC}",
"EventReceivedTime": "2021-09-16T20:13:11.783840-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:13:10.779331-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "66.220.13.229",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "tick.ntp.org.",
"QTYPE": "1",
"QXID": "49787",
"XID": "12285",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "41",
"PacketData": "0x2FFD00000001000000000001047469636B036E7470036F726700000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{CA42C32A-BC57-4BE2-9F94-97553BFCA3AC}",
"EventReceivedTime": "2021-09-16T20:13:11.783840-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:13:10.840737-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "66.220.13.229",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "tick.ntp.org.",
"QTYPE": "1",
"XID": "12285",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "100",
"PacketData": "0x2FFD84000001000000010001047469636B036E7470036F72670000010001C0110006000100000E10002F036E73310765766572657474C0150A706F73746D6173746572C011787743F4000151800000384000093A8000000E100000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{CA42C32A-BC57-4BE2-9F94-97553BFCA3AC}",
"EventReceivedTime": "2021-09-16T20:13:11.783840-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:13:10.840964-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "tick.ntp.org.",
"QTYPE": "1",
"XID": "49787",
"DNSSEC": "0",
"RCODE": "0",
"Port": "55746",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "89",
"PacketData": "0xC27B81800001000000010000047469636B036E7470036F72670000010001C0110006000100000384002F036E73310765766572657474C0150A706F73746D6173746572C011787743F4000151800000384000093A8000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "62",
"GUID": "{CA42C32A-BC57-4BE2-9F94-97553BFCA3AC}",
"EventReceivedTime": "2021-09-16T20:13:11.783840-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:13:10.842208-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "tick.ntp.org.",
"QTYPE": "28",
"XID": "177",
"Port": "35573",
"BufferSize": "30",
"PacketData": "0x00B101000001000000000000047469636B036E7470036F726700001C0001",
"AdditionalInfo": ".",
"GUID": "{75D591E1-C30A-433A-BC90-7F8EA44F03AB}",
"EventReceivedTime": "2021-09-16T20:13:11.783840-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:13:10.843394-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "66.220.13.229",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "tick.ntp.org.",
"QTYPE": "28",
"QXID": "177",
"XID": "4006",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "41",
"PacketData": "0x0FA600000001000000000001047469636B036E7470036F726700001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{75D591E1-C30A-433A-BC90-7F8EA44F03AB}",
"EventReceivedTime": "2021-09-16T20:13:11.783840-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:13:10.904470-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "66.220.13.229",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "tick.ntp.org.",
"QTYPE": "28",
"XID": "4006",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "100",
"PacketData": "0x0FA684000001000000010001047469636B036E7470036F726700001C0001C0110006000100000E10002F036E73310765766572657474C0150A706F73746D6173746572C011787743F4000151800000384000093A8000000E100000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{75D591E1-C30A-433A-BC90-7F8EA44F03AB}",
"EventReceivedTime": "2021-09-16T20:13:11.799237-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:13:10.906072-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "tick.ntp.org.",
"QTYPE": "28",
"XID": "177",
"DNSSEC": "0",
"RCODE": "0",
"Port": "35573",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "89",
"PacketData": "0x00B181800001000000010000047469636B036E7470036F726700001C0001C0110006000100000384002F036E73310765766572657474C0150A706F73746D6173746572C011787743F4000151800000384000093A8000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "63",
"GUID": "{75D591E1-C30A-433A-BC90-7F8EA44F03AB}",
"EventReceivedTime": "2021-09-16T20:13:11.799237-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:13:59.807782-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "f.b.8.9.f.b.4.d.3.5.b.7.3.a.8.b.a.2.8.0.0.0.4.4.2.4.4.0.1.0.6.2.ip6.arpa.",
"QTYPE": "12",
"XID": "1",
"Port": "56418",
"BufferSize": "90",
"PacketData": "0x0001010000010000000000000166016201380139016601620134016401330135016201370133016101380162016101320138013001300130013401340132013401340130013101300136013203697036046172706100000C0001",
"AdditionalInfo": ".",
"GUID": "{E2D46116-6B84-4CEE-8285-A4BA7AE2E1EB}",
"EventReceivedTime": "2021-09-16T20:14:00.797866-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:13:59.807828-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33155",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "f.b.8.9.f.b.4.d.3.5.b.7.3.a.8.b.a.2.8.0.0.0.4.4.2.4.4.0.1.0.6.2.ip6.arpa.",
"QTYPE": "12",
"XID": "1",
"DNSSEC": "0",
"RCODE": "3",
"Port": "56418",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "171",
"PacketData": "0x0001818300010000000100000166016201380139016601620134016401330135016201370133016101380162016101320138013001300130013401340132013401340130013101300136013203697036046172706100000C0001C042000600010000028C004506646E7331303107636F6D63617374036E65740009646E736D61737465720D636F6D636173746F6E6C696E6503636F6D00780C9EE200001C200000012C00093A8000000384",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{E2D46116-6B84-4CEE-8285-A4BA7AE2E1EB}",
"EventReceivedTime": "2021-09-16T20:14:00.797866-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:13:59.809830-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "www.usno.navy.mil.v6.example.com.",
"QTYPE": "1",
"XID": "2",
"Port": "56419",
"BufferSize": "50",
"PacketData": "0x000201000001000000000000037777770475736E6F046E617679036D696C027636076578616D706C6503636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{D76AF5E0-C45F-4142-A37F-DB72A16137B2}",
"EventReceivedTime": "2021-09-16T20:14:00.797866-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:13:59.809865-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "1",
"AD": "0",
"QNAME": "www.usno.navy.mil.v6.example.com.",
"QTYPE": "1",
"XID": "2",
"DNSSEC": "0",
"RCODE": "3",
"Port": "56419",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "122",
"PacketData": "0x000285830001000000010000037777770475736E6F046E617679036D696C027636076578616D706C6503636F6D0000010001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001500000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{D76AF5E0-C45F-4142-A37F-DB72A16137B2}",
"EventReceivedTime": "2021-09-16T20:14:00.797866-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:13:59.810056-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "www.usno.navy.mil.v6.example.com.",
"QTYPE": "28",
"XID": "3",
"Port": "56420",
"BufferSize": "50",
"PacketData": "0x000301000001000000000000037777770475736E6F046E617679036D696C027636076578616D706C6503636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{01B3BEC0-8594-47DA-AAC3-911EBF42D2A2}",
"EventReceivedTime": "2021-09-16T20:14:00.797866-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:13:59.810085-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "1",
"AD": "0",
"QNAME": "www.usno.navy.mil.v6.example.com.",
"QTYPE": "28",
"XID": "3",
"DNSSEC": "0",
"RCODE": "3",
"Port": "56420",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "122",
"PacketData": "0x000385830001000000010000037777770475736E6F046E617679036D696C027636076578616D706C6503636F6D00001C0001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001500000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{01B3BEC0-8594-47DA-AAC3-911EBF42D2A2}",
"EventReceivedTime": "2021-09-16T20:14:00.812511-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:13:59.810233-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "www.usno.navy.mil.",
"QTYPE": "1",
"XID": "4",
"Port": "56421",
"BufferSize": "35",
"PacketData": "0x000401000001000000000000037777770475736E6F046E617679036D696C0000010001",
"AdditionalInfo": ".",
"GUID": "{DABCD349-DF6A-4937-B665-5DE7398321C9}",
"EventReceivedTime": "2021-09-16T20:14:00.812511-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:13:59.810287-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:500:2::c",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "www.usno.navy.mil.",
"QTYPE": "1",
"QXID": "4",
"XID": "23697",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "46",
"PacketData": "0x5C9100000001000000000001037777770475736E6F046E617679036D696C00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{DABCD349-DF6A-4937-B665-5DE7398321C9}",
"EventReceivedTime": "2021-09-16T20:14:00.812511-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:13:59.839598-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2001:500:2::c",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "www.usno.navy.mil.",
"QTYPE": "1",
"XID": "23697",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "632",
"PacketData": "0x5C9180000001000000090007037777770475736E6F046E617679036D696C0000010001C01A000200010002A300000C04636F6E31046E697072C01AC01A000200010002A30000070465757231C034C01A000200010002A30000070465757232C034C01A000200010002A300000704636F6E32C034C01A000200010002A30000070470616332C034C01A000200010002A30000070470616331C034C01A002B0001000151800024C8950802F4246898E30E7182322B5668847A033D78AC9B1DDA168CB431BC4CB03E9BAFBBC01A002B0001000151800018C8950801D28D15ADD021869A0A19F6CE162F55A596310FFFC01A002E0001000151800113002B08010001518061549B9061436A0068D600A86EB0F4E6B380E2D7C8CAC8BBD0E6F9A873AD50AB570F49E26EA997FC66A67423644E93F525785821894E8210A94F2A46710950161A75B6EA3FBFE27EA6738C3DF9D96FC40182CA165B18CD910FE5511DB456743828971E1C2F7F08BDC71FCF3C450D2B3BCCC617410A82B8181559EA7A014273F0CE4A129A064EEDBC3B19335A69BADA9CC47C3CB6F71268E9512BB843910089FF1C3946D29913ADB0CAAEF2912D22702F49F1F6A5DD6F8A41C90FED6A81615C9DEC43D47A3D1EC7651FA9D9413C51AE1CDE2FC6629FBB8F5D051D2E4F7BA67BC90ED46328A4A5A82F57BE3046CF37FCAE580EED27DE6FF418E9ED250191234F1D145931C1007FFC03E49398C02F000100010002A3000004C7FC9DEAC06D000100010002A3000004C7FCA2EAC047000100010002A3000004C7FC9AEAC05A000100010002A3000004C7FC8FEAC093000100010002A3000004C7FCB4EAC080000100010002A3000004C7FC9BEA00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{DABCD349-DF6A-4937-B665-5DE7398321C9}",
"EventReceivedTime": "2021-09-16T20:14:00.812511-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:13:59.839818-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "199.252.157.234",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "www.usno.navy.mil.",
"QTYPE": "1",
"QXID": "4",
"XID": "14382",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "46",
"PacketData": "0x382E00000001000000000001037777770475736E6F046E617679036D696C00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{DABCD349-DF6A-4937-B665-5DE7398321C9}",
"EventReceivedTime": "2021-09-16T20:14:00.812511-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:13:59.871304-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "199.252.157.234",
"InterfaceIP": "0.0.0.0",
"AA": "0",
"AD": "0",
"QNAME": "www.usno.navy.mil.",
"QTYPE": "1",
"XID": "14382",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "599",
"PacketData": "0x382E800000010000000A0008037777770475736E6F046E617679036D696C0000010001044E415659034D494C00000200010000546000190A55504443494654523032034353440444495341034D494C00C0230002000100005460000F024E53064A5446474E4F034D494C00C0230002000100005460000D0A55464F52494654523032C042C02300020001000054600006034E5331C042C02300020001000054600011024E53084359424552434F4D034D494C00C0230002000100005460000D0A55464F52494654523031C042C0230002000100005460000D0A55504443494654523031C042C023002B000100002A300024D46E0802637B84E970AA17AAAD8031B518F9B9FE8297566BAEC673ED1D080EBF68D30BF9C023002B000100002A300018D46E0801DF5F561497490D2FE13DBD70121858002287137CC023002E000100002A300097002B080200002A30614CB96D61437EED9BC7036D696C00B571A5D2295FEE5B5DBBD2426298ECA97A9C285963FE945E27851E7D0C4078F244CD375CA9EDFCEEDA14B61263B9151A43EEA9313238D49A65A80EFE908BAF1F86750E1D4A31E941A04EC8A749887288CFA8D5E6E60A9C647260206530DC678CFE67D2F036E047D8072ADD6A3D0B66403FF0830335BFB8DE027CDE004B994B2BC03700010001000054600004D7417EB5C0D800010001000054600004D7417EB4C07700010001000054600004D617F505C0BF00010001000054600004D617F504C0900001000100005460000498E56EEBC0A200010001000054600004834D3CEBC05C00010001000054600004D6037DE70000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{DABCD349-DF6A-4937-B665-5DE7398321C9}",
"EventReceivedTime": "2021-09-16T20:14:00.812511-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:13:59.871438-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "214.23.245.5",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "www.usno.navy.mil.",
"QTYPE": "1",
"QXID": "4",
"XID": "63790",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "46",
"PacketData": "0xF92E00000001000000000001037777770475736E6F046E617679036D696C00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{DABCD349-DF6A-4937-B665-5DE7398321C9}",
"EventReceivedTime": "2021-09-16T20:14:00.812511-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:13:59.978076-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "214.23.245.5",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "www.usno.navy.mil.",
"QTYPE": "1",
"XID": "63790",
"RecursionDepth": "3",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "62",
"PacketData": "0xF92E84000001000100000001037777770475736E6F046E617679036D696C0000010001C00C000100010000012C0004C7D3855A0000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{DABCD349-DF6A-4937-B665-5DE7398321C9}",
"EventReceivedTime": "2021-09-16T20:14:00.812511-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:13:59.979179-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "www.usno.navy.mil.",
"QTYPE": "1",
"XID": "4",
"DNSSEC": "0",
"RCODE": "0",
"Port": "56421",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "51",
"PacketData": "0x000481800001000100000000037777770475736E6F046E617679036D696C0000010001C00C000100010000012C0004C7D3855A",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "169",
"GUID": "{DABCD349-DF6A-4937-B665-5DE7398321C9}",
"EventReceivedTime": "2021-09-16T20:14:00.812511-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:14:00.012011-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Source": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"RD": "1",
"QNAME": "www.usno.navy.mil.",
"QTYPE": "28",
"XID": "5",
"Port": "56422",
"BufferSize": "35",
"PacketData": "0x000501000001000000000000037777770475736E6F046E617679036D696C00001C0001",
"AdditionalInfo": ".",
"GUID": "{BEB9A193-5D03-4004-A326-DD26EFB13A42}",
"EventReceivedTime": "2021-09-16T20:14:00.812511-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:14:00.012280-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "214.23.245.4",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "www.usno.navy.mil.",
"QTYPE": "28",
"QXID": "5",
"XID": "19912",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "46",
"PacketData": "0x4DC800000001000000000001037777770475736E6F046E617679036D696C00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{BEB9A193-5D03-4004-A326-DD26EFB13A42}",
"EventReceivedTime": "2021-09-16T20:14:00.812511-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:14:00.141090-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "214.23.245.4",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "www.usno.navy.mil.",
"QTYPE": "28",
"XID": "19912",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "107",
"PacketData": "0x4DC884000001000000010001037777770475736E6F046E617679036D696C00001C0001C010000600010000043F003104646E7331046E697072C01A0E686F73746D6173746572406E6963C01A0000003B0000546000000E100024EA0000000E100000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{BEB9A193-5D03-4004-A326-DD26EFB13A42}",
"EventReceivedTime": "2021-09-16T20:14:00.812511-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:14:00.142609-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"Destination": "2601:442:4400:82a:b8a3:7b53:d4bf:98bf",
"AA": "0",
"AD": "0",
"QNAME": "www.usno.navy.mil.",
"QTYPE": "28",
"XID": "5",
"DNSSEC": "0",
"RCODE": "0",
"Port": "56422",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "96",
"PacketData": "0x000581800001000000010000037777770475736E6F046E617679036D696C00001C0001C0100006000100000383003104646E7331046E697072C01A0E686F73746D6173746572406E6963C01A0000003B0000546000000E100024EA0000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "130",
"GUID": "{BEB9A193-5D03-4004-A326-DD26EFB13A42}",
"EventReceivedTime": "2021-09-16T20:14:00.812511-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:14:14.502596-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "1",
"XID": "43102",
"Port": "55103",
"BufferSize": "44",
"PacketData": "0xA85E01000001000000000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{A63BFB55-9B31-4597-8FDB-3DE33BCE26CA}",
"EventReceivedTime": "2021-09-16T20:14:15.532656-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:14:14.502686-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "1",
"XID": "43102",
"DNSSEC": "0",
"RCODE": "0",
"Port": "55103",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "76",
"PacketData": "0xA85E81800001000200000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D0000010001C00C000100010000005900046810F9F9C00C000100010000005900046810F8F9",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{A63BFB55-9B31-4597-8FDB-3DE33BCE26CA}",
"EventReceivedTime": "2021-09-16T20:14:15.532656-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:14:14.502708-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "28",
"XID": "8541",
"Port": "55103",
"BufferSize": "44",
"PacketData": "0x215D01000001000000000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{8E212267-6EDF-431F-8E13-92C2A5E6F2BD}",
"EventReceivedTime": "2021-09-16T20:14:15.532656-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:14:14.502733-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "28",
"XID": "8541",
"DNSSEC": "0",
"RCODE": "0",
"Port": "55103",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "100",
"PacketData": "0x215D81800001000200000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D00001C0001C00C001C00010000005900102606470000000000000000006810F8F9C00C001C00010000005900102606470000000000000000006810F9F9",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{8E212267-6EDF-431F-8E13-92C2A5E6F2BD}",
"EventReceivedTime": "2021-09-16T20:14:15.532656-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:15:25.012204-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "1",
"XID": "42348",
"Port": "44636",
"BufferSize": "44",
"PacketData": "0xA56C01000001000000000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{0F8420BF-E42D-499D-AB12-D7301230D6A9}",
"EventReceivedTime": "2021-09-16T20:15:26.004876-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:15:25.012282-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "1",
"XID": "42348",
"DNSSEC": "0",
"RCODE": "0",
"Port": "44636",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "76",
"PacketData": "0xA56C81800001000200000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D0000010001C00C000100010000001300046810F8F9C00C000100010000001300046810F9F9",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{0F8420BF-E42D-499D-AB12-D7301230D6A9}",
"EventReceivedTime": "2021-09-16T20:15:26.004876-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:15:25.012300-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "28",
"XID": "28256",
"Port": "44636",
"BufferSize": "44",
"PacketData": "0x6E6001000001000000000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{8262A9DE-09A4-4C05-879F-EF3F93AD7D76}",
"EventReceivedTime": "2021-09-16T20:15:26.004876-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:15:25.012746-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "28",
"XID": "28256",
"DNSSEC": "0",
"RCODE": "0",
"Port": "44636",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "100",
"PacketData": "0x6E6081800001000200000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D00001C0001C00C001C00010000001300102606470000000000000000006810F9F9C00C001C00010000001300102606470000000000000000006810F8F9",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{8262A9DE-09A4-4C05-879F-EF3F93AD7D76}",
"EventReceivedTime": "2021-09-16T20:15:26.004876-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:15:49.973724-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "tick.usno.navy.mil.",
"QTYPE": "1",
"XID": "38781",
"Port": "59148",
"BufferSize": "36",
"PacketData": "0x977D01000001000000000000047469636B0475736E6F046E617679036D696C0000010001",
"AdditionalInfo": ".",
"GUID": "{613A0AD8-3A26-40B0-8D78-BB5F830CE9E1}",
"EventReceivedTime": "2021-09-16T20:15:50.961307-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:15:49.973852-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "214.3.125.231",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "tick.usno.navy.mil.",
"QTYPE": "1",
"QXID": "38781",
"XID": "7598",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "47",
"PacketData": "0x1DAE00000001000000000001047469636B0475736E6F046E617679036D696C00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{613A0AD8-3A26-40B0-8D78-BB5F830CE9E1}",
"EventReceivedTime": "2021-09-16T20:15:50.961307-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:15:50.017751-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "214.3.125.231",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "tick.usno.navy.mil.",
"QTYPE": "1",
"XID": "7598",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "63",
"PacketData": "0x1DAE84000001000100000001047469636B0475736E6F046E617679036D696C0000010001C00C000100010000001C0004C00529280000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{613A0AD8-3A26-40B0-8D78-BB5F830CE9E1}",
"EventReceivedTime": "2021-09-16T20:15:50.961307-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:15:50.017839-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "tick.usno.navy.mil.",
"QTYPE": "1",
"XID": "38781",
"DNSSEC": "0",
"RCODE": "0",
"Port": "59148",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "52",
"PacketData": "0x977D81800001000100000000047469636B0475736E6F046E617679036D696C0000010001C00C000100010000001C0004C0052928",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "44",
"GUID": "{613A0AD8-3A26-40B0-8D78-BB5F830CE9E1}",
"EventReceivedTime": "2021-09-16T20:15:50.976982-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:15:50.018390-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "tick.usno.navy.mil.",
"QTYPE": "28",
"XID": "42281",
"Port": "33170",
"BufferSize": "36",
"PacketData": "0xA52901000001000000000000047469636B0475736E6F046E617679036D696C00001C0001",
"AdditionalInfo": ".",
"GUID": "{49C1BA10-A38A-41A9-9E61-4FF822042C4C}",
"EventReceivedTime": "2021-09-16T20:15:50.976982-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:15:50.018504-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "214.3.125.231",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "tick.usno.navy.mil.",
"QTYPE": "28",
"QXID": "42281",
"XID": "34418",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "47",
"PacketData": "0x867200000001000000000001047469636B0475736E6F046E617679036D696C00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{49C1BA10-A38A-41A9-9E61-4FF822042C4C}",
"EventReceivedTime": "2021-09-16T20:15:50.976982-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:15:50.063755-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "214.3.125.231",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "tick.usno.navy.mil.",
"QTYPE": "28",
"XID": "34418",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "108",
"PacketData": "0x867284000001000000010001047469636B0475736E6F046E617679036D696C00001C0001C0110006000100000993003104646E7331046E697072C01B0E686F73746D6173746572406E6963C01B0000003B0000546000000E100024EA0000000E100000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{49C1BA10-A38A-41A9-9E61-4FF822042C4C}",
"EventReceivedTime": "2021-09-16T20:15:50.976982-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:15:50.065026-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "tick.usno.navy.mil.",
"QTYPE": "28",
"XID": "42281",
"DNSSEC": "0",
"RCODE": "0",
"Port": "33170",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "97",
"PacketData": "0xA52981800001000000010000047469636B0475736E6F046E617679036D696C00001C0001C0110006000100000384003104646E7331046E697072C01B0E686F73746D6173746572406E6963C01B0000003B0000546000000E100024EA0000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "46",
"GUID": "{49C1BA10-A38A-41A9-9E61-4FF822042C4C}",
"EventReceivedTime": "2021-09-16T20:15:50.976982-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:16:18.016481-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "11253",
"Port": "45348",
"BufferSize": "41",
"PacketData": "0x2BF5010000010000000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{160990FC-A8F8-4BDB-A7E0-2473BDEDAA78}",
"EventReceivedTime": "2021-09-16T20:16:19.027005-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:16:18.016501-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"Port": "45348",
"XID": "11253",
"BufferSize": "41",
"PacketData": "0x2BF5818000010001000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:16:19.027005-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:16:18.016594-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"QXID": "11253",
"XID": "52546",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "87",
"PacketData": "0xCD42000000010000000000012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{160990FC-A8F8-4BDB-A7E0-2473BDEDAA78}",
"EventReceivedTime": "2021-09-16T20:16:19.027005-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:16:18.016605-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "5367",
"Port": "45348",
"BufferSize": "41",
"PacketData": "0x14F7010000010000000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{92DCAC43-BAC7-4895-ACA1-352DB9F3CD1D}",
"EventReceivedTime": "2021-09-16T20:16:19.027005-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:16:18.016610-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"Port": "45348",
"XID": "5367",
"BufferSize": "41",
"PacketData": "0x14F7818000010001000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:16:19.027005-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:16:18.016650-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"QXID": "5367",
"XID": "53917",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "87",
"PacketData": "0xD29D000000010000000000012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{92DCAC43-BAC7-4895-ACA1-352DB9F3CD1D}",
"EventReceivedTime": "2021-09-16T20:16:19.042392-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:16:18.036283-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"XID": "52546",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "260",
"PacketData": "0xCD42840000010005000000012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D0000010001C00C0001000100000003000436A1F12EC00C0001000100000003000434CAA841C00C0001000100000003000412CDDE80C00C0001000100000003000436ED8551C00C002E000100000003006100010D030000000361455A026142B702AE90096865726F6B75646E7303636F6D00BEAB480C5A7A4BBC733B376B711BB0D699FF2E7BA236A7F8C4F12D2C53A299ED811341B089255A0C24531ACB60B83803B292B3BC50281C9BD0448679FD0A8DE400002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{160990FC-A8F8-4BDB-A7E0-2473BDEDAA78}",
"EventReceivedTime": "2021-09-16T20:16:19.042392-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:16:18.036373-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "11253",
"DNSSEC": "0",
"RCODE": "0",
"Port": "45348",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "174",
"PacketData": "0x2BF5818000010005000000000A636C69656E742D61706908687562737461666603636F6D0000010001C00C000500010000083600392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020C0350001000100000003000436A1F12EC0350001000100000003000434CAA841C0350001000100000003000412CDDE80C0350001000100000003000436ED8551",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "19",
"GUID": "{160990FC-A8F8-4BDB-A7E0-2473BDEDAA78}",
"EventReceivedTime": "2021-09-16T20:16:19.042392-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:16:18.042021-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "198.51.44.5",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"XID": "53917",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "452",
"PacketData": "0xD29D840000010000000400012C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D00001C0001C039000600010000000A003504646E733103703035056E736F6E65036E6574000A686F73746D6173746572C0616144087F0000025800000384001275000000000AC039002E00010000000A006100060D020000003C61455A026142B702AE90096865726F6B75646E7303636F6D00C858A0382A27898506CD33054A3AD97AB6BA8ED0826A71D8530AC8EBF088A65B4BF4114B97620EF4231E58E95CF1E77A3DA1BA6454EF97FF0A45ED3E944A9C75C00C002F00010000000A004601002C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E7303636F6D000006400000000003C00C002E00010000000A0061002F0D030000000A61455A026142B702AE90096865726F6B75646E7303636F6D0060C56B5D50863E5AEA48A0A9D06D319E424138A73FEFED355035A1AAAAAD4805056274D9875289406E9A6153D50E2BEB5F0414133AEB79E45CA446238B7ED35E00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{92DCAC43-BAC7-4895-ACA1-352DB9F3CD1D}",
"EventReceivedTime": "2021-09-16T20:16:19.042392-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:16:18.042178-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "5367",
"DNSSEC": "0",
"RCODE": "0",
"Port": "45348",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "110",
"PacketData": "0x14F7818000010001000000000A636C69656E742D61706908687562737461666603636F6D00001C0001C00C000500010000083600392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "25",
"GUID": "{92DCAC43-BAC7-4895-ACA1-352DB9F3CD1D}",
"EventReceivedTime": "2021-09-16T20:16:19.042392-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:16:18.244615-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "33347",
"Port": "39368",
"BufferSize": "41",
"PacketData": "0x8243010000010000000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{02A7EFAD-B917-42EC-B5E8-0459FFD92BF6}",
"EventReceivedTime": "2021-09-16T20:16:19.042392-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:16:18.245104-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "1",
"Port": "39368",
"XID": "33347",
"BufferSize": "41",
"PacketData": "0x8243818000010001000000000A636C69656E742D61706908687562737461666603636F6D0000010001",
"EventReceivedTime": "2021-09-16T20:16:19.042392-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:16:18.245291-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "1",
"XID": "33347",
"DNSSEC": "0",
"RCODE": "0",
"Port": "39368",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "174",
"PacketData": "0x8243818000010005000000000A636C69656E742D61706908687562737461666603636F6D0000010001C00C000500010000083500392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020C0350001000100000002000434CAA841C0350001000100000002000412CDDE80C0350001000100000002000436ED8551C0350001000100000002000436A1F12E",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{02A7EFAD-B917-42EC-B5E8-0459FFD92BF6}",
"EventReceivedTime": "2021-09-16T20:16:19.042392-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:16:18.245363-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "19290",
"Port": "39368",
"BufferSize": "41",
"PacketData": "0x4B5A010000010000000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{416DA9B2-2FFE-4824-9FF3-3F9890E2077A}",
"EventReceivedTime": "2021-09-16T20:16:19.042392-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 279,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372071214514176",
"EventTime": "2021-09-16T20:16:18.245765-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "philosophical-bison-9vt8wzdndw3v3gp7qhq4k8x0.herokudns.com.",
"QTYPE": "28",
"Port": "39368",
"XID": "19290",
"BufferSize": "41",
"PacketData": "0x4B5A818000010001000000000A636C69656E742D61706908687562737461666603636F6D00001C0001",
"EventReceivedTime": "2021-09-16T20:16:19.042392-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:16:18.245908-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "client-api.hubstaff.com.",
"QTYPE": "28",
"XID": "19290",
"DNSSEC": "0",
"RCODE": "0",
"Port": "39368",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "175",
"PacketData": "0x4B5A818000010001000100000A636C69656E742D61706908687562737461666603636F6D00001C0001C00C000500010000083500392C7068696C6F736F70686963616C2D6269736F6E2D39767438777A646E6477337633677037716871346B387830096865726F6B75646E73C020C0620006000100000009003504646E733103703035056E736F6E65036E6574000A686F73746D6173746572C0836144087F0000025800000384001275000000000A",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{416DA9B2-2FFE-4824-9FF3-3F9890E2077A}",
"EventReceivedTime": "2021-09-16T20:16:19.042392-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:16:30.359229-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "1",
"XID": "31680",
"Port": "44724",
"BufferSize": "44",
"PacketData": "0x7BC001000001000000000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{599C9FB7-9FE8-47A5-B42F-9C0DB5968688}",
"EventReceivedTime": "2021-09-16T20:16:31.357294-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:16:30.359375-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "162.159.0.33",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "1",
"QXID": "31680",
"XID": "48465",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "55",
"PacketData": "0xBD5100000001000000000001076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{599C9FB7-9FE8-47A5-B42F-9C0DB5968688}",
"EventReceivedTime": "2021-09-16T20:16:31.357294-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:16:30.359394-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "28",
"XID": "62403",
"Port": "44724",
"BufferSize": "44",
"PacketData": "0xF3C301000001000000000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{19AE3960-9C3D-4F45-99F0-23C42007A877}",
"EventReceivedTime": "2021-09-16T20:16:31.357294-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:16:30.360196-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "162.159.2.9",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "28",
"QXID": "62403",
"XID": "23333",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "55",
"PacketData": "0x5B2500000001000000000001076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{19AE3960-9C3D-4F45-99F0-23C42007A877}",
"EventReceivedTime": "2021-09-16T20:16:31.357294-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:16:30.374419-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "162.159.0.33",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "1",
"XID": "48465",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "201",
"PacketData": "0xBD5184000001000300000001076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D0000010001C00C000100010000012C00046810F9F9C00C000100010000012C00046810F8F9C00C002E00010000012C006600010D030000012C6145680E6142A8EE86C90E636C6F7564666C6172652D646E7303636F6D00C1B0C52FC83BA432194905517DD9E2EAD6BC120FAF66FF27B354C0B3DD0AB94BA8BB6663784721708827B5C457597F70500979544BCA3640D8EA9C2A778BAEDD00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{599C9FB7-9FE8-47A5-B42F-9C0DB5968688}",
"EventReceivedTime": "2021-09-16T20:16:31.371420-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:16:30.374484-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "1",
"XID": "31680",
"DNSSEC": "0",
"RCODE": "0",
"Port": "44724",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "76",
"PacketData": "0x7BC081800001000200000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D0000010001C00C000100010000012B00046810F9F9C00C000100010000012B00046810F8F9",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "15",
"GUID": "{599C9FB7-9FE8-47A5-B42F-9C0DB5968688}",
"EventReceivedTime": "2021-09-16T20:16:31.371420-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:16:30.374916-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "162.159.2.9",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "28",
"XID": "23333",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "225",
"PacketData": "0x5B2584000001000300000001076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D00001C0001C00C001C00010000012C00102606470000000000000000006810F8F9C00C001C00010000012C00102606470000000000000000006810F9F9C00C002E00010000012C0066001C0D030000012C6145681D6142A8FD86C90E636C6F7564666C6172652D646E7303636F6D0034A8DB1F4930141D6D8ECD91E116F82C98C8482CD9925C3CFFAB0588CB25239C90D398A3940DD2617F3647C1FBB8CAC3C3F829C6077F74ABDE7390A591A807A800002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{19AE3960-9C3D-4F45-99F0-23C42007A877}",
"EventReceivedTime": "2021-09-16T20:16:31.371420-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:16:30.374975-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "28",
"XID": "62403",
"DNSSEC": "0",
"RCODE": "0",
"Port": "44724",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "100",
"PacketData": "0xF3C381800001000200000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D00001C0001C00C001C00010000012C00102606470000000000000000006810F8F9C00C001C00010000012C00102606470000000000000000006810F9F9",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "16",
"GUID": "{19AE3960-9C3D-4F45-99F0-23C42007A877}",
"EventReceivedTime": "2021-09-16T20:16:31.371420-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:17:31.171660-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "1",
"XID": "16937",
"Port": "35222",
"BufferSize": "44",
"PacketData": "0x422901000001000000000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{637C7EC9-ABEF-4EC8-8179-B3C0587AB473}",
"EventReceivedTime": "2021-09-16T20:17:32.156839-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:17:31.171802-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "1",
"XID": "16937",
"DNSSEC": "0",
"RCODE": "0",
"Port": "35222",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "76",
"PacketData": "0x422981800001000200000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D0000010001C00C00010001000000EE00046810F8F9C00C00010001000000EE00046810F9F9",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{637C7EC9-ABEF-4EC8-8179-B3C0587AB473}",
"EventReceivedTime": "2021-09-16T20:17:32.156839-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:17:31.172128-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "28",
"XID": "39471",
"Port": "35222",
"BufferSize": "44",
"PacketData": "0x9A2F01000001000000000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{4543CA13-674C-436C-A159-823DFDD11ABD}",
"EventReceivedTime": "2021-09-16T20:17:32.156839-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:17:31.172223-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "mozilla.cloudflare-dns.com.",
"QTYPE": "28",
"XID": "39471",
"DNSSEC": "0",
"RCODE": "0",
"Port": "35222",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "100",
"PacketData": "0x9A2F81800001000200000000076D6F7A696C6C610E636C6F7564666C6172652D646E7303636F6D00001C0001C00C001C0001000000EF00102606470000000000000000006810F9F9C00C001C0001000000EF00102606470000000000000000006810F8F9",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{4543CA13-674C-436C-A159-823DFDD11ABD}",
"EventReceivedTime": "2021-09-16T20:17:32.156839-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:17:36.311373-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "connectivity-check.ubuntu.com.",
"QTYPE": "28",
"XID": "14102",
"Port": "57088",
"BufferSize": "47",
"PacketData": "0x37160100000100000000000012636F6E6E65637469766974792D636865636B067562756E747503636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{9747FF7F-6A7C-4D8C-9FF3-8F477C69CD1E}",
"EventReceivedTime": "2021-09-16T20:17:37.313199-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:17:36.311772-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "connectivity-check.ubuntu.com.",
"QTYPE": "28",
"XID": "14102",
"DNSSEC": "0",
"RCODE": "0",
"Port": "57088",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "108",
"PacketData": "0x37168180000100000001000012636F6E6E65637469766974792D636865636B067562756E747503636F6D00001C0001C01F00060001000002580031036E73310963616E6F6E6963616CC0260A686F73746D6173746572C03F7849112A00002A3000000E1000093A8000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "0",
"GUID": "{9747FF7F-6A7C-4D8C-9FF3-8F477C69CD1E}",
"EventReceivedTime": "2021-09-16T20:17:37.313199-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:17:36.312892-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "connectivity-check.ubuntu.com.example.com.",
"QTYPE": "28",
"XID": "29644",
"Port": "34246",
"BufferSize": "59",
"PacketData": "0x73CC0100000100000000000012636F6E6E65637469766974792D636865636B067562756E747503636F6D076578616D706C6503636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{44CCEE72-F645-41D7-BF37-343B2147D23E}",
"EventReceivedTime": "2021-09-16T20:17:37.313199-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:17:36.314681-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "34179",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "1",
"AD": "0",
"QNAME": "connectivity-check.ubuntu.com.example.com.",
"QTYPE": "28",
"XID": "29644",
"DNSSEC": "0",
"RCODE": "3",
"Port": "34246",
"Scope": "Default",
"Zone": "example.com",
"PolicyName": "NULL",
"BufferSize": "131",
"PacketData": "0x73CC8583000100000001000012636F6E6E65637469766974792D636865636B067562756E747503636F6D076578616D706C6503636F6D00001C0001076578616D706C6503636F6D000006000100000E1000310F77696E2D39336E6F693175766C3239000A686F73746D6173746572000000001500000384000002580001518000000E10",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "1",
"GUID": "{44CCEE72-F645-41D7-BF37-343B2147D23E}",
"EventReceivedTime": "2021-09-16T20:17:37.313199-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:17:37.742674-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "github.com.",
"QTYPE": "1",
"XID": "22957",
"Port": "52101",
"BufferSize": "28",
"PacketData": "0x59AD010000010000000000000667697468756203636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{D54A3468-B827-4803-B4B0-388724802E08}",
"EventReceivedTime": "2021-09-16T20:17:38.313705-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:17:37.744007-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:503:83eb::30",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "github.com.",
"QTYPE": "1",
"QXID": "22957",
"XID": "30780",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "39",
"PacketData": "0x783C000000010000000000010667697468756203636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{D54A3468-B827-4803-B4B0-388724802E08}",
"EventReceivedTime": "2021-09-16T20:17:38.313705-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:17:37.783796-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2001:503:83eb::30",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "github.com.",
"QTYPE": "1",
"XID": "30780",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "827",
"PacketData": "0x783C800000010000000C00020667697468756203636F6D0000010001C00C000200010002A3000016066E732D35323009617773646E732D3031036E657400C00C000200010002A3000013066E732D34323109617773646E732D3532C013C00C000200010002A3000019076E732D3137303709617773646E732D323102636F02756B00C00C000200010002A3000017076E732D3132383309617773646E732D3332036F726700C00C000200010002A300001104646E733103703038056E736F6E65C039C00C000200010002A300000704646E7332C0B6C00C000200010002A300000704646E7333C0B6C00C000200010002A300000704646E7334C0B620434B30504F4A4D473837344C4A5245463745464E38343330515649543842534DC013003200010001518000230101000000146501A0C25720EE156F6C4E39636B3ADA0312D92A000722000000000290C0FB002E00010001518000B7003208020001518061495E696140138199AF03636F6D0073D49C969AD112E1F52C00137560047BE57A0C63D266917DED0C9A551F1942FF5A835C70F318B7C1EC6363C09CA90BC736EB8345EA6F090394D2675E2DD1E0CEC5ED70EADAD937CA6CC54F1A48BA6BE6ED4985DC52360CD72D6C33AB6A67D91A22530A0F796FA8CD809D5DFD4EDA95D33C8A5BF1A724B9CB9248BFE875C054CB318444F00A1E1D5AE0EB39B04D9810FF639A4962C6AEB971DC01E12935F5E65520344B423444465337314C4550384738503856543443435553514E4C34434E4353C0130032000100015180002201010000001425164CF75A2B3AA3E70CEC2C7DF9EC42C3BA75DE0006200000000012C20E002E00010001518000B70032080200015180614ABE9A614173B299AF03636F6D001B999BAD4EE13D388F8BDFF94C53E0B2AF2459C51582F21C19C20988C448EA002D778E479658B5D8A97A84AC248499BCD191203FE3F0A701DC727A0ECBC38298F2F24B30083AD68EEE6DD77A88E4FE8A021777AD306D8AD8887A90D1F4DE47F06BF9007FAB20F4ADFFE12706E9E7BB29A91FCA47175EC53F4B6930F548B1312C88360DE7122BF28A4E915CAE88A1E5831360E8DA5FC9391463CE0584E5B89254C04A000100010002A3000004CDFBC1A50000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{D54A3468-B827-4803-B4B0-388724802E08}",
"EventReceivedTime": "2021-09-16T20:17:38.331154-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:17:37.783993-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "205.251.193.165",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "github.com.",
"QTYPE": "1",
"QXID": "22957",
"XID": "61168",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "39",
"PacketData": "0xEEF0000000010000000000010667697468756203636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{D54A3468-B827-4803-B4B0-388724802E08}",
"EventReceivedTime": "2021-09-16T20:17:38.331154-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:17:37.803936-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "205.251.193.165",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "github.com.",
"QTYPE": "1",
"XID": "61168",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "278",
"PacketData": "0xEEF0842000010001000800010667697468756203636F6D0000010001C00C000100010000003C00048C527103C00C0002000100000384001404646E733103703038056E736F6E65036E657400C00C0002000100000384000704646E7332C03DC00C0002000100000384000704646E7333C03DC00C0002000100000384000704646E7334C03DC00C00020001000003840017076E732D3132383309617773646E732D3332036F726700C00C00020001000003840019076E732D3137303709617773646E732D323102636F02756B00C00C00020001000003840013066E732D34323109617773646E732D3532C013C00C00020001000003840013066E732D35323009617773646E732D3031C0470000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{D54A3468-B827-4803-B4B0-388724802E08}",
"EventReceivedTime": "2021-09-16T20:17:38.331154-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:17:37.805707-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "github.com.",
"QTYPE": "1",
"XID": "22957",
"DNSSEC": "0",
"RCODE": "0",
"Port": "52101",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "44",
"PacketData": "0x59AD818000010001000000000667697468756203636F6D0000010001C00C000100010000003C00048C527103",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "63",
"GUID": "{D54A3468-B827-4803-B4B0-388724802E08}",
"EventReceivedTime": "2021-09-16T20:17:38.331154-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:17:37.808530-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "github.com.",
"QTYPE": "28",
"XID": "55640",
"Port": "39005",
"BufferSize": "28",
"PacketData": "0xD958010000010000000000000667697468756203636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{2A608162-A2F0-45B2-8A2B-7A740737C50C}",
"EventReceivedTime": "2021-09-16T20:17:38.331154-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:17:37.809242-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "205.251.193.165",
"InterfaceIP": "0.0.0.0",
"RD": "0",
"QNAME": "github.com.",
"QTYPE": "28",
"QXID": "55640",
"XID": "7921",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "39",
"PacketData": "0x1EF1000000010000000000010667697468756203636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{2A608162-A2F0-45B2-8A2B-7A740737C50C}",
"EventReceivedTime": "2021-09-16T20:17:38.331154-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:17:37.830177-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33824",
"TCP": "0",
"Source": "205.251.193.165",
"InterfaceIP": "0.0.0.0",
"AA": "1",
"AD": "1",
"QNAME": "github.com.",
"QTYPE": "28",
"XID": "7921",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "123",
"PacketData": "0x1EF1842000010000000100010667697468756203636F6D00001C0001C00C00060001000003840048076E732D3137303709617773646E732D323102636F02756B0011617773646E732D686F73746D617374657206616D617A6F6EC0130000000100001C200000038400127500000151800000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{2A608162-A2F0-45B2-8A2B-7A740737C50C}",
"EventReceivedTime": "2021-09-16T20:17:38.346617-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:17:37.830383-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "github.com.",
"QTYPE": "28",
"XID": "55640",
"DNSSEC": "0",
"RCODE": "0",
"Port": "39005",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "112",
"PacketData": "0xD958818000010000000100000667697468756203636F6D00001C0001C00C00060001000003840048076E732D3137303709617773646E732D323102636F02756B0011617773646E732D686F73746D617374657206616D617A6F6EC0130000000100001C20000003840012750000015180",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "22",
"GUID": "{2A608162-A2F0-45B2-8A2B-7A740737C50C}",
"EventReceivedTime": "2021-09-16T20:17:38.346617-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:17:44.086437-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "gitlab.com.",
"QTYPE": "1",
"XID": "6988",
"Port": "58481",
"BufferSize": "28",
"PacketData": "0x1B4C01000001000000000000066769746C616203636F6D0000010001",
"AdditionalInfo": ".",
"GUID": "{4E545316-8DD0-4F68-967C-A61B7B44E030}",
"EventReceivedTime": "2021-09-16T20:17:45.094868-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:17:44.086605-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2001:503:231d::2:30",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "gitlab.com.",
"QTYPE": "1",
"QXID": "6988",
"XID": "17703",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "39",
"PacketData": "0x452700000001000000000001066769746C616203636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{4E545316-8DD0-4F68-967C-A61B7B44E030}",
"EventReceivedTime": "2021-09-16T20:17:45.094868-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:17:44.339079-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "32768",
"TCP": "0",
"Source": "2001:503:231d::2:30",
"InterfaceIP": "::",
"AA": "0",
"AD": "0",
"QNAME": "gitlab.com.",
"QTYPE": "1",
"XID": "17703",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "908",
"PacketData": "0x45278000000100000006000D066769746C616203636F6D0000010001C00C000200010002A30000150464697661026E730A636C6F7564666C617265C013C00C000200010002A300000B086A65726D61696E65C02D20434B30504F4A4D473837344C4A5245463745464E38343330515649543842534DC013003200010001518000230101000000146501A0C25720EE156F6C4E39636B3ADA0312D92A000722000000000290C054002E00010001518000B7003208020001518061495E696140138199AF03636F6D0073D49C969AD112E1F52C00137560047BE57A0C63D266917DED0C9A551F1942FF5A835C70F318B7C1EC6363C09CA90BC736EB8345EA6F090394D2675E2DD1E0CEC5ED70EADAD937CA6CC54F1A48BA6BE6ED4985DC52360CD72D6C33AB6A67D91A22530A0F796FA8CD809D5DFD4EDA95D33C8A5BF1A724B9CB9248BFE875C054CB318444F00A1E1D5AE0EB39B04D9810FF639A4962C6AEB971DC01E12935F5E655205048474737364B493948544450544C343244504D374C31555448413544464430C01300320001000151800022010100000014CC6113A97E477AE513E1C5E6C32806565F7746530006200000000012C167002E00010001518000B7003208020001518061496D2C6140224499AF03636F6D007151540D3BC7B5A1D2393F76F00C155BF8B9B51051534746A79F584C78D8236B2C178FD470D98C077087F33C813437942B79E928C86AD5ADA503C2FB3AA7EBA609BDD558AEE10E5FEC8B4E6CACF8512A39C63D47A26DEBB04B382733AC81DFAE7E4C3D66519054D1D9623282F3AB94D8844BD72FB8DCFB9B771B23A858C1249FA6BB5D8F2639946D8CFCA5A60F7BA742464B4F0BA9EBF73F1EFE0EB152B09D11C028000100010002A30000046CA2C061C028000100010002A3000004AC402061C028000100010002A3000004ADF53A61C028001C00010002A3000010260647000050000000000000ADF53A61C028001C00010002A30000102803F80000500000000000006CA2C061C028001C00010002A30000102A0698C10050000000000000AC402061C049000100010002A30000046CA2C39DC049000100010002A3000004A29F2C9DC049000100010002A3000004AC40239DC049001C00010002A3000010260647000058000000000000A29F2C9DC049001C00010002A30000102803F80000500000000000006CA2C39DC049001C00010002A30000102A0698C10050000000000000AC40239D0000291000000080000000",
"AdditionalInfo": ".",
"GUID": "{4E545316-8DD0-4F68-967C-A61B7B44E030}",
"EventReceivedTime": "2021-09-16T20:17:45.110742-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:17:44.339315-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2606:4700:58::a29f:2c9d",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "gitlab.com.",
"QTYPE": "1",
"QXID": "6988",
"XID": "49812",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "39",
"PacketData": "0xC29400000001000000000001066769746C616203636F6D00000100010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{4E545316-8DD0-4F68-967C-A61B7B44E030}",
"EventReceivedTime": "2021-09-16T20:17:45.110742-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:17:44.351276-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2606:4700:58::a29f:2c9d",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "gitlab.com.",
"QTYPE": "1",
"XID": "49812",
"RecursionDepth": "2",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "55",
"PacketData": "0xC29484000001000100000001066769746C616203636F6D0000010001C00C000100010000012C0004AC41FB4E00002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{4E545316-8DD0-4F68-967C-A61B7B44E030}",
"EventReceivedTime": "2021-09-16T20:17:45.110742-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:17:44.351342-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "gitlab.com.",
"QTYPE": "1",
"XID": "6988",
"DNSSEC": "0",
"RCODE": "0",
"Port": "58481",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "44",
"PacketData": "0x1B4C81800001000100000000066769746C616203636F6D0000010001C00C000100010000012B0004AC41FB4E",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "265",
"GUID": "{4E545316-8DD0-4F68-967C-A61B7B44E030}",
"EventReceivedTime": "2021-09-16T20:17:45.110742-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 256,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775809",
"EventTime": "2021-09-16T20:17:44.352069-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "256",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Source": "192.168.1.7",
"RD": "1",
"QNAME": "gitlab.com.",
"QTYPE": "28",
"XID": "40285",
"Port": "51166",
"BufferSize": "28",
"PacketData": "0x9D5D01000001000000000000066769746C616203636F6D00001C0001",
"AdditionalInfo": ".",
"GUID": "{A49A5641-A27E-41E7-AFFF-6C09997FE5FB}",
"EventReceivedTime": "2021-09-16T20:17:45.110742-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 260,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775824",
"EventTime": "2021-09-16T20:17:44.352195-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "0",
"TCP": "0",
"Destination": "2803:f800:50::6ca2:c39d",
"InterfaceIP": "::",
"RD": "0",
"QNAME": "gitlab.com.",
"QTYPE": "28",
"QXID": "40285",
"XID": "53891",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"PolicyName": "NULL",
"BufferSize": "39",
"PacketData": "0xD28300000001000000000001066769746C616203636F6D00001C00010000290FA0000080000000",
"AdditionalInfo": ".",
"GUID": "{A49A5641-A27E-41E7-AFFF-6C09997FE5FB}",
"EventReceivedTime": "2021-09-16T20:17:45.110742-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 261,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 2,
"Keywords": "9223372036854775840",
"EventTime": "2021-09-16T20:17:44.362421-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33792",
"TCP": "0",
"Source": "2803:f800:50::6ca2:c39d",
"InterfaceIP": "::",
"AA": "1",
"AD": "0",
"QNAME": "gitlab.com.",
"QTYPE": "28",
"XID": "53891",
"RecursionDepth": "1",
"Port": "0",
"RecursionScope": ".",
"CacheScope": "Default",
"BufferSize": "67",
"PacketData": "0xD28384000001000100000001066769746C616203636F6D00001C0001C00C001C00010000012C00102606470000900000F22EFBEC5BEDA9B900002904D0000080000000",
"AdditionalInfo": ".",
"GUID": "{A49A5641-A27E-41E7-AFFF-6C09997FE5FB}",
"EventReceivedTime": "2021-09-16T20:17:45.110742-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
},
{
"SourceName": "Microsoft-Windows-DNSServer",
"ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
"EventID": 257,
"Version": 0,
"ChannelID": 16,
"OpcodeValue": 0,
"TaskValue": 1,
"Keywords": "9223372036854775810",
"EventTime": "2021-09-16T20:17:44.362684-07:00",
"ExecutionProcessID": 2080,
"ExecutionThreadID": 2940,
"EventType": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"Hostname": "WIN-93NOI1UVL29",
"Domain": "NT AUTHORITY",
"AccountName": "SYSTEM",
"UserID": "S-1-5-18",
"AccountType": "User",
"Flags": "33152",
"TCP": "0",
"InterfaceIP": "192.168.1.36",
"Destination": "192.168.1.7",
"AA": "0",
"AD": "0",
"QNAME": "gitlab.com.",
"QTYPE": "28",
"XID": "40285",
"DNSSEC": "0",
"RCODE": "0",
"Port": "51166",
"Scope": "Default",
"Zone": "..Cache",
"PolicyName": "NULL",
"BufferSize": "56",
"PacketData": "0x9D5D81800001000100000000066769746C616203636F6D00001C0001C00C001C00010000012C00102606470000900000F22EFBEC5BEDA9B9",
"AdditionalInfo": "VirtualizationInstance:.",
"ElapsedTime": "11",
"GUID": "{A49A5641-A27E-41E7-AFFF-6C09997FE5FB}",
"EventReceivedTime": "2021-09-16T20:17:45.110742-07:00",
"SourceModuleName": "dnsserver",
"SourceModuleType": "im_etw",
"HostIP": "192.168.1.36"
}
]
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку