Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2020/07/20 14:21:58 UTC

[GitHub] [couchdb] hamedminaee opened a new issue #3013: Index function in couchdb design doc is reached but the index is not emitted sometimes

hamedminaee opened a new issue #3013:
URL: https://github.com/apache/couchdb/issues/3013


   ## When I have some docs and I send them to Couch, in the searchAll design doc in some cases the index sent to the index() function cannot be retrieved
   
   I have some docs as follows:
   
   `{
         "type": "observed-data",
         "id": "observed-data--af37a615-7286-4d45-80d3-4cff349d2a7b",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.157Z",
         "modified": "2020-01-08T21:16:41.157Z",
         "first_observed": "2019-11-16T12:59:11.449Z",
         "last_observed": "2019-11-16T12:59:11.449Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60861,
             "dst_port": 5357,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 1352,
             "name": "svchost.exe",
             "created": "2019-11-16T12:59:11.449Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }`
   
   In the above there is no MD5 field. So the MD5 field only occurs in a few docs, as follows:
   
   `{
         "type": "observed-data",
         "id": "observed-data--aa498f89-917b-4634-adda-46a373536ea7",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.132Z",
         "modified": "2020-01-08T21:16:41.132Z",
         "first_observed": "2019-11-16T12:59:17.034Z",
         "last_observed": "2019-11-16T12:59:17.034Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\SysWOW64"
           },
           "1": {
             "type": "file",
             "hashes": {
               "MD5": "ad7b9c14083b52bc532fba5948342b98"
             },
             "name": "cmd.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "John"
           },
           "3": {
             "type": "directory",
             "path": "C:\\Program Files (x86)\\Western Digital\\Discovery\\Current"
           },
           "4": {
             "type": "file",
             "name": "WD Discovery.exe",
             "parent_directory_ref": "3"
           },
           "5": {
             "type": "process",
             "pid": 6164,
             "name": "WD Discovery.exe",
             "command_line": "\"C:\\Program Files (x86)\\Western Digital\\Discovery\\Current\\WD Discovery.exe\" --autolaunch",
             "binary_ref": "4"
           },
           "6": {
             "type": "process",
             "pid": 10468,
             "name": "cmd.exe",
             "created": "2019-11-16T12:59:17.034Z",
             "command_line": "C:\\Windows\\system32\\cmd.exe /d /s /c \"wmic logicaldisk get size,freespace,caption\"",
             "creator_user_ref": "2",
             "binary_ref": "1",
             "parent_ref": "5"
           }
         }
       }`
   
   So in my case I have about 90 docs and I only call index("file.hashes.MD5", ....) when it is present, which means index("file.hashes.MD5", ....) is being called 3 times among all 90 docs inserted into CouchDB.
   
   
   ## Steps to Reproduce
   
   Here is my design doc:
   `function (doc) {
       //pr reqs
       var facet = true;
       var store = true;
       var fields = {}
       var shouldNormalizeForSorting = true;
       
       
   
       noiseList = ["type", "objects", "value", "modified", "id", "created", "artifact.payload_bin"]
   
       const isNumeric=(num) => {
           return !isNaN(num)
       }
   
       const isJsonObjectType=(key) => {
           return typeof key === 'object' && key !== null && !Array.isArray(key)
       }
   
       const isKeyRefType=(key) => {
           return key.includes("ref") || key.includes("refs");
   
       }
   
       const isArraysOfRefs=(key, objValue) => {
           // Array.isArray(obj[key]) to handle the issue when some datasources do not fully follow STIX rules
           return key.includes("refs") &&  Array.isArray(objValue);
   
       }
   
       const isValueType=(objValue) => {
           if(Array.isArray(objValue)){
               for (var i = 0; i < objValue.length; i++) {
                   if (typeof objValue[i] == "string" && isNumeric(objValue[i])) {
                   return false;  
                   }
               }
           }
           return (typeof objValue == "string" && !isNumeric(objValue)) || isNumeric(objValue) || Array.isArray(objValue)
       }
   
       const joinIndexPaths=(index, key) => {
           return index && index != "" ? `${index}.${key}` : `${key}`
       }
   
       const AddToFields=(key, value) => {
           if (noiseCancelation(key)) {
               return
           }
           if (key in fields) {
               fields[key].push(value);
           } else {
               const sortCompatibleKey = shouldNormalizeForSorting? convertToSortCompatibleKey(key): key;
               fields[sortCompatibleKey] = [];
               fields[sortCompatibleKey].push(value);
           }
       }
   
       const convertToSortCompatibleKey = (key) => {
           if(key.includes("-")){
               return key.replace(/-/g, '_');
           } else {
               return key;
           }
       }
   
       const noiseCancelation=(key) => {
           return noiseList.includes(key) || key.startsWith("_");
       }
   
       const handleValueTypeIndex =(isIndexRefType, key, index, obj)=>{
           if(isIndexRefType && key != "type"){
               if (obj.value){
                   AddToFields(joinIndexPaths(index, "value"), obj[key])
               }
               Object.keys(obj).map( objKey => {
                   if(objKey == "type" || objKey == "value"){
                       return 
                   }
                   if(isValueType(obj[objKey]) && !isKeyRefType(objKey)){
                       AddToFields(joinIndexPaths(index, objKey), obj[objKey])
                   } 
   
               });
           }
           if (obj.type && key === "type") {
               if (obj.value) {
                   let typeToValueIndex= !index.includes(obj[key])?joinIndexPaths(index, `${obj[key]}.value`): `${index}.value`
                   AddToFields(typeToValueIndex, obj.value)
               }
           } else if(Array.isArray(obj[key])){
               let indexValue = index;
               if(obj.type){
                   indexValue = `${obj.type}`
               }
               obj[key].map(elem=>{
                   AddToFields(joinIndexPaths(indexValue, key), elem)  
               })
               
   
           } else if (key != "value") {
   
               let stixIndexPath = index;
               if(obj.type){
                   stixIndexPath = `${obj.type}`
               }
   
               if(isNumeric(key)){  // to avoid  'roles.0': [ 'agent' ],
                   AddToFields(stixIndexPath, obj[key])
   
               } else {
                   AddToFields(joinIndexPaths(stixIndexPath, key), obj[key])
               }  
           }
       }
   
       const removeTypeIfNeeded = (obj) => {
           if(obj.type){
               //let newObj = {...obj}
               let newObj = Object.assign({}, obj);
               delete newObj.type
               return newObj
           } else {
               return obj;
           }
       }
   
       const handleRefTypeIndex = (key, obj, index, mainObj, parentKey) =>{
           let currentIndexPath= key;
           let stixIndexPath = index==""? `${obj.type}`: index
           stixIndexPath = joinIndexPaths(stixIndexPath, currentIndexPath)
           
           if(isArraysOfRefs(key,obj[key])){
               
               obj[key].map(elem => {
                   if(mainObj[elem] && elem != parentKey){
                       let newObj = removeTypeIfNeeded(mainObj[elem]);
                       traverseObjectsInDoc(newObj, stixIndexPath,mainObj, true, elem);
                   }
               })
           } else{
               if(mainObj[obj[key]] && obj[key] != parentKey){
                   let newObj = removeTypeIfNeeded(mainObj[obj[key]]);
                   traverseObjectsInDoc(newObj, stixIndexPath,mainObj, true, obj[key]);
               }                    
           }
       }
   
       const handleJsonObjectTypeIndex = (obj, key, index, mainObj, parentKey) =>{
           let stixIndexPath = obj.type ? `${obj.type}.${key}`: key
           stixIndexPath = isNumeric(key) ?  "" : joinIndexPaths(index, stixIndexPath)
           traverseObjectsInDoc(obj[key],stixIndexPath, mainObj, false, parentKey)
       }
   
       const traverseObjectsInDoc=(obj, attr, mainObj, isIndexRefType, parentKey) => {
           let index = `${attr}`
           Object.keys(obj).map(key => {
               if (isJsonObjectType(obj[key])) {                
                   handleJsonObjectTypeIndex(obj, key, index, mainObj, parentKey)
               }
               else if (isKeyRefType(key)) {
                   handleRefTypeIndex(key, obj, index, mainObj, parentKey)
               } 
               else if (isValueType(obj[key])) {
                   handleValueTypeIndex(isIndexRefType, key, index, obj)
     
               }
               else {
               }
   
           });
       }
   
   
       const emitIndex=() => {
           if (doc.created_by_ref) {
               Object.keys(fields).forEach(function (key) {
                   if (typeof fields[key] == 'object' && fields[key].length !== undefined) {
                       if (fields[key].length === 0) {
                           if(key.endsWith("dst_port") || key.endsWith("src_port") || key.endsWith("pid")){
                               index(key, "-1", { 'store': store, 'facet': facet });
                           } else {
                               index(key, 'UNDEFINED', { 'store': store, 'facet': facet });
                           }
                           
                       } else {
                           fields[key].forEach(function (ele) {
                               if(key.includes("MD5")){
                                   log(`${key}`)
                                   log(`${ele.toString()}`)
                                   log(JSON.stringify(fields))
                                  // for(var i= 0; i< 100; i++){
                                   //    log("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
                                  //     index("file.hashes.MD5", "hamedhamed", { 'store': store, 'facet': facet, 'boost': 10 });
                                  // }
                                   
                               } else {
                                   //index("file.hashes.MD5", "hamedhamed", { 'store': store, 'facet': facet });
                               }
                               index(key, ele.toString(), { 'store': store, 'facet': facet });
                           })
                       }
                   } else {
                       index(key, fields[key].toString(), { 'store': store, 'facet': facet });
                   }
               })
           }
   
       }
   
       Object.keys(doc).map(obj => {
           if (typeof doc[obj] === 'object' && doc[obj] !== null) {
               traverseObjectsInDoc(doc[obj], noiseCancelation(obj) ?  "" : obj, doc.objects, false, obj);
           } else if(doc[obj] !== null && isValueType(obj) && !noiseCancelation(obj)){
               AddToFields(`${obj}`, doc[obj])
           }
       });
   
       emitIndex();
   }`
   
   And here is the list of docs; I insert them one by one in the loop to Couch:
   
   `[
         {
         "type": "observed-data",
         "id": "observed-data--51d886d7-397b-4ab8-acb2-201d4ad5a303",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.679Z",
         "modified": "2020-01-08T21:16:40.679Z",
         "first_observed": "2019-11-16T12:55:28.101Z",
         "last_observed": "2019-11-16T12:55:28.101Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "SYSTEM"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "192.168.1.156"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60842,
             "dst_port": 47413,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 1380,
             "name": "svchost.exe",
             "created": "2019-11-16T12:55:28.101Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--840fcf8b-cbe1-4ca3-acae-58835e2f807b",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.688Z",
         "modified": "2020-01-08T21:16:40.688Z",
         "first_observed": "2019-11-16T12:55:28.883Z",
         "last_observed": "2019-11-16T12:55:28.883Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60843,
             "dst_port": 5357,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 1352,
             "name": "svchost.exe",
             "created": "2019-11-16T12:55:28.883Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--8418c73d-a3b3-47d0-b086-d529516c9634",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.701Z",
         "modified": "2020-01-08T21:16:40.701Z",
         "first_observed": "2019-11-16T12:55:51.76Z",
         "last_observed": "2019-11-16T12:55:51.76Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "239.255.255.250"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "172.16.0.100"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 1900,
             "dst_port": 63519,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1728,
             "name": "svchost.exe",
             "created": "2019-11-16T12:55:51.76Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--75d69b4a-2991-49fb-9f76-5567d92576ee",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.707Z",
         "modified": "2020-01-08T21:16:40.707Z",
         "first_observed": "2019-11-16T12:56:11.266Z",
         "last_observed": "2019-11-16T12:56:11.266Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Program Files\\WD Desktop App"
           },
           "1": {
             "type": "file",
             "name": "wdsync-inotify.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "John"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60844,
             "dst_port": 8384,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 7416,
             "name": "wdsync-inotify.exe",
             "created": "2019-11-16T12:56:11.266Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--592aee3a-9141-42ed-979f-2d71115770ea",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.712Z",
         "modified": "2020-01-08T21:16:40.712Z",
         "first_observed": "2019-11-16T12:56:11.267Z",
         "last_observed": "2019-11-16T12:56:11.267Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Program Files\\WD Desktop App"
           },
           "1": {
             "type": "file",
             "name": "wdsync.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "John"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 8384,
             "dst_port": 60844,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 5692,
             "name": "wdsync.exe",
             "created": "2019-11-16T12:56:11.267Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--a674fd12-2b26-4735-9245-8b13a86412c5",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.721Z",
         "modified": "2020-01-08T21:16:40.721Z",
         "first_observed": "2019-11-16T12:56:31.17Z",
         "last_observed": "2019-11-16T12:56:31.17Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "SYSTEM"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "192.168.1.156"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60845,
             "dst_port": 47413,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 1380,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:31.17Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--3b5edadf-b6f4-4fe2-900d-7c0e43c83079",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.727Z",
         "modified": "2020-01-08T21:16:40.727Z",
         "first_observed": "2019-11-16T12:56:31.186Z",
         "last_observed": "2019-11-16T12:56:31.186Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "239.255.255.250"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 3702,
             "dst_port": 59503,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1352,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:31.186Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--f33fc370-1445-45b8-969a-1eff36f46301",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.733Z",
         "modified": "2020-01-08T21:16:40.733Z",
         "first_observed": "2019-11-16T12:56:31.195Z",
         "last_observed": "2019-11-16T12:56:31.195Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:0:c"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "0:0:0:0:0:0:0:1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 3702,
             "dst_port": 59504,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1352,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:31.195Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--70cf0772-9808-4b15-bff9-9a32f295602d",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.738Z",
         "modified": "2020-01-08T21:16:40.738Z",
         "first_observed": "2019-11-16T12:56:31.201Z",
         "last_observed": "2019-11-16T12:56:31.201Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:6cba:509b:55b2:f1be"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 63009,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:31.201Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--7498ad74-4474-4e04-be98-ac523e909c99",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.743Z",
         "modified": "2020-01-08T21:16:40.743Z",
         "first_observed": "2019-11-16T12:56:31.201Z",
         "last_observed": "2019-11-16T12:56:31.201Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:5d67:4a8:1e69:54d8"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 63009,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:31.201Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--430fbd88-618c-456c-9838-48627868309b",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.749Z",
         "modified": "2020-01-08T21:16:40.749Z",
         "first_observed": "2019-11-16T12:56:31.302Z",
         "last_observed": "2019-11-16T12:56:31.302Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:44c4:b323:9802:9228"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 63009,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:31.302Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--59eb2b41-dfaf-4683-97fe-3fe88d0534fc",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.754Z",
         "modified": "2020-01-08T21:16:40.754Z",
         "first_observed": "2019-11-16T12:56:31.302Z",
         "last_observed": "2019-11-16T12:56:31.302Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:9da5:8c7f:8185:8de6"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 63009,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:31.302Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--c50d6691-3994-443e-8654-38dbea172b3a",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.759Z",
         "modified": "2020-01-08T21:16:40.759Z",
         "first_observed": "2019-11-16T12:56:31.691Z",
         "last_observed": "2019-11-16T12:56:31.691Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60846,
             "dst_port": 5357,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 1352,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:31.691Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--d1c027f0-17c8-4066-aa46-42df9088c453",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.773Z",
         "modified": "2020-01-08T21:16:40.773Z",
         "first_observed": "2019-11-16T12:56:46.818Z",
         "last_observed": "2019-11-16T12:56:46.818Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:6cba:509b:55b2:f1be"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 65126,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:46.818Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--f766ff6b-ea44-429d-8f67-db3a3713e4bf",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.778Z",
         "modified": "2020-01-08T21:16:40.778Z",
         "first_observed": "2019-11-16T12:56:46.818Z",
         "last_observed": "2019-11-16T12:56:46.818Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:5d67:4a8:1e69:54d8"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 65126,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:46.818Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--68a591fd-d454-4a5d-b8cd-9bac5e51cb87",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.783Z",
         "modified": "2020-01-08T21:16:40.783Z",
         "first_observed": "2019-11-16T12:56:46.826Z",
         "last_observed": "2019-11-16T12:56:46.826Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "SYSTEM"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "192.168.1.156"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60847,
             "dst_port": 47413,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 1380,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:46.826Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--3bc0fe43-85ce-49d4-9547-1f786c658eac",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.789Z",
         "modified": "2020-01-08T21:16:40.789Z",
         "first_observed": "2019-11-16T12:56:46.83Z",
         "last_observed": "2019-11-16T12:56:46.83Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:2"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:34bf:285e:3f57:fe63"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 547,
             "dst_port": 546,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1288,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:46.83Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--33b6cfaf-66f4-4c45-84f6-b9d89c8d38f7",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.794Z",
         "modified": "2020-01-08T21:16:40.794Z",
         "first_observed": "2019-11-16T12:56:46.918Z",
         "last_observed": "2019-11-16T12:56:46.918Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:44c4:b323:9802:9228"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 65126,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:46.918Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--c2f2006f-3243-4a8a-b066-968489e5ead1",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.800Z",
         "modified": "2020-01-08T21:16:40.800Z",
         "first_observed": "2019-11-16T12:56:46.918Z",
         "last_observed": "2019-11-16T12:56:46.918Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:9da5:8c7f:8185:8de6"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 65126,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:46.918Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--324d3e73-6c56-4f34-bb7a-3b692b26e5ed",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.805Z",
         "modified": "2020-01-08T21:16:40.805Z",
         "first_observed": "2019-11-16T12:56:46.989Z",
         "last_observed": "2019-11-16T12:56:46.989Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "SYSTEM"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "192.168.1.156"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60848,
             "dst_port": 47413,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 1380,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:46.989Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--7ffcae10-103e-4448-8787-0c9dc3b72437",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.811Z",
         "modified": "2020-01-08T21:16:40.811Z",
         "first_observed": "2019-11-16T12:56:47.002Z",
         "last_observed": "2019-11-16T12:56:47.002Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "SYSTEM"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "192.168.1.156"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60849,
             "dst_port": 47413,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 1380,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:47.002Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--b3869feb-8c95-4eee-a0ae-d9e90cc2ba93",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.821Z",
         "modified": "2020-01-08T21:16:40.821Z",
         "first_observed": "2019-11-16T12:56:47.121Z",
         "last_observed": "2019-11-16T12:56:47.121Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:5d67:4a8:1e69:54d8"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 58356,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:47.121Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--22e6ba90-05b5-4417-b7bc-65855cb4f1da",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.816Z",
         "modified": "2020-01-08T21:16:40.816Z",
         "first_observed": "2019-11-16T12:56:47.12Z",
         "last_observed": "2019-11-16T12:56:47.12Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:6cba:509b:55b2:f1be"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 58356,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:47.12Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--e371c3c3-b950-40cb-a615-052b09a0d8eb",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.827Z",
         "modified": "2020-01-08T21:16:40.827Z",
         "first_observed": "2019-11-16T12:56:47.221Z",
         "last_observed": "2019-11-16T12:56:47.221Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:44c4:b323:9802:9228"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 58356,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:47.221Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--1911b472-efad-450f-80d0-d1f7726877cc",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.832Z",
         "modified": "2020-01-08T21:16:40.832Z",
         "first_observed": "2019-11-16T12:56:47.222Z",
         "last_observed": "2019-11-16T12:56:47.222Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:9da5:8c7f:8185:8de6"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 58356,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:47.222Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--80f8c13c-28f8-42bd-b111-3b6f1b335c23",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.850Z",
         "modified": "2020-01-08T21:16:40.850Z",
         "first_observed": "2019-11-16T12:56:49.86Z",
         "last_observed": "2019-11-16T12:56:49.86Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60850,
             "dst_port": 5357,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 1352,
             "name": "svchost.exe",
             "created": "2019-11-16T12:56:49.86Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--919e97e7-6d9d-421f-8259-fb78b094056c",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.859Z",
         "modified": "2020-01-08T21:16:40.859Z",
         "first_observed": "2019-11-16T12:57:01.904Z",
         "last_observed": "2019-11-16T12:57:01.904Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:2"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:9da5:8c7f:8185:8de6"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 547,
             "dst_port": 546,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1288,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:01.904Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--daff36fe-2408-4ccc-a8e5-f28948249190",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.864Z",
         "modified": "2020-01-08T21:16:40.864Z",
         "first_observed": "2019-11-16T12:57:11.269Z",
         "last_observed": "2019-11-16T12:57:11.269Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Program Files\\WD Desktop App"
           },
           "1": {
             "type": "file",
             "name": "wdsync-inotify.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "John"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60851,
             "dst_port": 8384,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 7416,
             "name": "wdsync-inotify.exe",
             "created": "2019-11-16T12:57:11.269Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--594b8088-7f9f-4924-8222-7c28713ebdc5",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.870Z",
         "modified": "2020-01-08T21:16:40.870Z",
         "first_observed": "2019-11-16T12:57:11.269Z",
         "last_observed": "2019-11-16T12:57:11.269Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Program Files\\WD Desktop App"
           },
           "1": {
             "type": "file",
             "name": "wdsync.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "John"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 8384,
             "dst_port": 60851,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 5692,
             "name": "wdsync.exe",
             "created": "2019-11-16T12:57:11.269Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--59f3469b-3bea-42bb-a009-3724e8d7c584",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.875Z",
         "modified": "2020-01-08T21:16:40.875Z",
         "first_observed": "2019-11-16T12:57:47.907Z",
         "last_observed": "2019-11-16T12:57:47.907Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "239.255.255.250"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 1900,
             "dst_port": 58290,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1728,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:47.907Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--d83cb4ba-17a1-4718-991a-6660eabf6792",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.880Z",
         "modified": "2020-01-08T21:16:40.880Z",
         "first_observed": "2019-11-16T12:57:50.063Z",
         "last_observed": "2019-11-16T12:57:50.063Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "SYSTEM"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "192.168.1.156"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60852,
             "dst_port": 47413,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 1380,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:50.063Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--6758fcbe-8a03-4e14-9444-6c9a030dfdd4",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.886Z",
         "modified": "2020-01-08T21:16:40.886Z",
         "first_observed": "2019-11-16T12:57:50.093Z",
         "last_observed": "2019-11-16T12:57:50.093Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:6cba:509b:55b2:f1be"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 63254,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:50.093Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--bbf02bda-83b6-4a66-99d8-8f5a61d7aaaf",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.891Z",
         "modified": "2020-01-08T21:16:40.891Z",
         "first_observed": "2019-11-16T12:57:50.094Z",
         "last_observed": "2019-11-16T12:57:50.094Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:5d67:4a8:1e69:54d8"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 63254,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:50.094Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--b004c4bb-512c-45f7-9cf5-99f7e42fe960",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.896Z",
         "modified": "2020-01-08T21:16:40.896Z",
         "first_observed": "2019-11-16T12:57:50.194Z",
         "last_observed": "2019-11-16T12:57:50.194Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:44c4:b323:9802:9228"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 63254,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:50.194Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--05c9a68d-1856-49ec-a816-db0a88682d75",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.902Z",
         "modified": "2020-01-08T21:16:40.902Z",
         "first_observed": "2019-11-16T12:57:50.194Z",
         "last_observed": "2019-11-16T12:57:50.194Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:9da5:8c7f:8185:8de6"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 63254,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:50.194Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--733dc4ae-7c95-4da1-9921-c7f36d95a34e",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.907Z",
         "modified": "2020-01-08T21:16:40.907Z",
         "first_observed": "2019-11-16T12:57:50.383Z",
         "last_observed": "2019-11-16T12:57:50.383Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "192.168.1.156"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 59654,
             "dst_port": 1900,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1728,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:50.383Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--d1a8e0ab-6a49-438a-8524-8587e141a3b3",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.912Z",
         "modified": "2020-01-08T21:16:40.912Z",
         "first_observed": "2019-11-16T12:57:51.016Z",
         "last_observed": "2019-11-16T12:57:51.016Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "239.255.255.250"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "172.16.0.100"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 3702,
             "dst_port": 52427,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1728,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:51.016Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--a83e6f26-f137-43fd-afaa-eaf8f9401b13",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.922Z",
         "modified": "2020-01-08T21:16:40.922Z",
         "first_observed": "2019-11-16T12:57:51.76Z",
         "last_observed": "2019-11-16T12:57:51.76Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "239.255.255.250"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "172.16.0.100"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 1900,
             "dst_port": 61133,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1728,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:51.76Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--d9f8b4f0-25d1-415c-a6f4-80d44f5f2c42",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.943Z",
         "modified": "2020-01-08T21:16:40.943Z",
         "first_observed": "2019-11-16T12:57:51.921Z",
         "last_observed": "2019-11-16T12:57:51.921Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "239.255.255.250"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 3702,
             "dst_port": 55566,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1352,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:51.921Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--8f357dd2-702b-4fca-9fac-b4d582cf09b5",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.949Z",
         "modified": "2020-01-08T21:16:40.949Z",
         "first_observed": "2019-11-16T12:57:51.921Z",
         "last_observed": "2019-11-16T12:57:51.921Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "239.255.255.250"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 3702,
             "dst_port": 55566,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1728,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:51.921Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--2705cc9c-882a-4911-ba27-c72507813520",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.954Z",
         "modified": "2020-01-08T21:16:40.954Z",
         "first_observed": "2019-11-16T12:57:51.921Z",
         "last_observed": "2019-11-16T12:57:51.921Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:0:c"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:6cba:509b:55b2:f1be"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 3702,
             "dst_port": 55567,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1352,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:51.921Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--24ecd8f3-9715-405a-871e-10b4d93ed620",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.959Z",
         "modified": "2020-01-08T21:16:40.959Z",
         "first_observed": "2019-11-16T12:57:51.921Z",
         "last_observed": "2019-11-16T12:57:51.921Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:0:c"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:5d67:4a8:1e69:54d8"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 3702,
             "dst_port": 55567,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1352,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:51.921Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--a0d9ccba-daec-4b8c-8c51-8e55edb78169",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.965Z",
         "modified": "2020-01-08T21:16:40.965Z",
         "first_observed": "2019-11-16T12:57:51.921Z",
         "last_observed": "2019-11-16T12:57:51.921Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:0:c"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "0:0:0:0:0:0:0:1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 3702,
             "dst_port": 55567,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1352,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:51.921Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--b59f5d7d-3c32-4ed9-bc99-b617a0f89f8e",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.970Z",
         "modified": "2020-01-08T21:16:40.970Z",
         "first_observed": "2019-11-16T12:57:51.921Z",
         "last_observed": "2019-11-16T12:57:51.921Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:0:c"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "0:0:0:0:0:0:0:1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 3702,
             "dst_port": 55567,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1728,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:51.921Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--2ef441df-63ba-4bd4-bb95-444b1a178830",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.975Z",
         "modified": "2020-01-08T21:16:40.975Z",
         "first_observed": "2019-11-16T12:57:51.923Z",
         "last_observed": "2019-11-16T12:57:51.923Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 3702,
             "dst_port": 55566,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1728,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:51.923Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--ddc422fd-8efa-41ed-bd35-9a13bf552427",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.981Z",
         "modified": "2020-01-08T21:16:40.981Z",
         "first_observed": "2019-11-16T12:57:51.923Z",
         "last_observed": "2019-11-16T12:57:51.923Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 55566,
             "dst_port": 3702,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1352,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:51.923Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--8d477102-c977-4eec-aff1-27b8ce1af2de",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.987Z",
         "modified": "2020-01-08T21:16:40.987Z",
         "first_observed": "2019-11-16T12:57:51.926Z",
         "last_observed": "2019-11-16T12:57:51.926Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60853,
             "dst_port": 5357,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 1352,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:51.926Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--fca99836-6d48-4728-a4b7-05f3da548518",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.927Z",
         "modified": "2020-01-08T21:16:40.927Z",
         "first_observed": "2019-11-16T12:57:51.92Z",
         "last_observed": "2019-11-16T12:57:51.92Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "192.168.1.156"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "239.255.255.250"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 55566,
             "dst_port": 3702,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1352,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:51.92Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--8f2ff9c5-2fe0-495c-884a-fd0fda1722cf",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.933Z",
         "modified": "2020-01-08T21:16:40.933Z",
         "first_observed": "2019-11-16T12:57:51.92Z",
         "last_observed": "2019-11-16T12:57:51.92Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "172.16.0.112"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "239.255.255.250"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 55566,
             "dst_port": 3702,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1352,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:51.92Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--ca44f078-ec39-4f65-a1bd-dacec21da170",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.938Z",
         "modified": "2020-01-08T21:16:40.938Z",
         "first_observed": "2019-11-16T12:57:51.92Z",
         "last_observed": "2019-11-16T12:57:51.92Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "239.255.255.250"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 55566,
             "dst_port": 3702,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1352,
             "name": "svchost.exe",
             "created": "2019-11-16T12:57:51.92Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--188ee2d0-528c-4499-bedb-5613f92b2fc2",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:40.996Z",
         "modified": "2020-01-08T21:16:40.996Z",
         "first_observed": "2019-11-16T12:58:05.571Z",
         "last_observed": "2019-11-16T12:58:05.571Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "SYSTEM"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "192.168.1.156"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60854,
             "dst_port": 47413,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 1380,
             "name": "svchost.exe",
             "created": "2019-11-16T12:58:05.571Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--2add0c6f-02a8-45fb-83a2-b2b4cd02e6a9",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.002Z",
         "modified": "2020-01-08T21:16:41.002Z",
         "first_observed": "2019-11-16T12:58:05.571Z",
         "last_observed": "2019-11-16T12:58:05.571Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:6cba:509b:55b2:f1be"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 50186,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:58:05.571Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--08aaffa9-28aa-478b-9090-22baecd3cc34",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.008Z",
         "modified": "2020-01-08T21:16:41.008Z",
         "first_observed": "2019-11-16T12:58:05.572Z",
         "last_observed": "2019-11-16T12:58:05.572Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:5d67:4a8:1e69:54d8"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 50186,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:58:05.572Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--81d277c8-294e-4e56-93ad-3f1cb7f3ae33",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.013Z",
         "modified": "2020-01-08T21:16:41.013Z",
         "first_observed": "2019-11-16T12:58:05.575Z",
         "last_observed": "2019-11-16T12:58:05.575Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:2"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:10aa:152c:3f57:fe63"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 547,
             "dst_port": 546,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1288,
             "name": "svchost.exe",
             "created": "2019-11-16T12:58:05.575Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--98fe11f1-5cb6-4268-bd5a-74d8fc227ab0",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.023Z",
         "modified": "2020-01-08T21:16:41.023Z",
         "first_observed": "2019-11-16T12:58:05.672Z",
         "last_observed": "2019-11-16T12:58:05.672Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:44c4:b323:9802:9228"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 50186,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:58:05.672Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--8eb62b14-1fd6-4eb9-9cfe-99d95a5caf4f",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.028Z",
         "modified": "2020-01-08T21:16:41.028Z",
         "first_observed": "2019-11-16T12:58:05.672Z",
         "last_observed": "2019-11-16T12:58:05.672Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:9da5:8c7f:8185:8de6"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 50186,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:58:05.672Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--d57cc7b4-b33b-4c20-81cb-5b12c772e769",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.034Z",
         "modified": "2020-01-08T21:16:41.034Z",
         "first_observed": "2019-11-16T12:58:05.731Z",
         "last_observed": "2019-11-16T12:58:05.731Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "SYSTEM"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "192.168.1.156"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60855,
             "dst_port": 47413,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 1380,
             "name": "svchost.exe",
             "created": "2019-11-16T12:58:05.731Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--c17e9300-cb1c-4f26-83a8-f47f52d896bb",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.039Z",
         "modified": "2020-01-08T21:16:41.039Z",
         "first_observed": "2019-11-16T12:58:05.747Z",
         "last_observed": "2019-11-16T12:58:05.747Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "SYSTEM"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "192.168.1.156"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60856,
             "dst_port": 47413,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 1380,
             "name": "svchost.exe",
             "created": "2019-11-16T12:58:05.747Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--ce0dd585-173f-435e-a2e8-5adb842aa5e7",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.045Z",
         "modified": "2020-01-08T21:16:41.045Z",
         "first_observed": "2019-11-16T12:58:05.931Z",
         "last_observed": "2019-11-16T12:58:05.931Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:6cba:509b:55b2:f1be"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 50284,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:58:05.931Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--385e999d-ee8b-49d0-86a0-3818a74361ff",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.050Z",
         "modified": "2020-01-08T21:16:41.050Z",
         "first_observed": "2019-11-16T12:58:05.931Z",
         "last_observed": "2019-11-16T12:58:05.931Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:5d67:4a8:1e69:54d8"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 50284,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:58:05.931Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--3e37de91-c626-4f5c-ad2b-4ab5180d3aab",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.056Z",
         "modified": "2020-01-08T21:16:41.056Z",
         "first_observed": "2019-11-16T12:58:06.032Z",
         "last_observed": "2019-11-16T12:58:06.032Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:44c4:b323:9802:9228"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 50284,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:58:06.032Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--65d45f1f-35bd-4bf9-9ab3-03c9536b7b66",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.061Z",
         "modified": "2020-01-08T21:16:41.061Z",
         "first_observed": "2019-11-16T12:58:06.032Z",
         "last_observed": "2019-11-16T12:58:06.032Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:9da5:8c7f:8185:8de6"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 50284,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:58:06.032Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--43b61d7d-327f-477f-967d-345cb6cedf87",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.071Z",
         "modified": "2020-01-08T21:16:41.071Z",
         "first_observed": "2019-11-16T12:58:08.319Z",
         "last_observed": "2019-11-16T12:58:08.319Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60857,
             "dst_port": 5357,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 1352,
             "name": "svchost.exe",
             "created": "2019-11-16T12:58:08.319Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--d697a5b1-29c6-4aeb-8ca2-1d1288b3339f",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.080Z",
         "modified": "2020-01-08T21:16:41.080Z",
         "first_observed": "2019-11-16T12:58:11.271Z",
         "last_observed": "2019-11-16T12:58:11.271Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Program Files\\WD Desktop App"
           },
           "1": {
             "type": "file",
             "name": "wdsync-inotify.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "John"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60858,
             "dst_port": 8384,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 7416,
             "name": "wdsync-inotify.exe",
             "created": "2019-11-16T12:58:11.271Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--bb2c9a30-9952-4070-95d0-4e1db711d479",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.086Z",
         "modified": "2020-01-08T21:16:41.086Z",
         "first_observed": "2019-11-16T12:58:11.271Z",
         "last_observed": "2019-11-16T12:58:11.271Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Program Files\\WD Desktop App"
           },
           "1": {
             "type": "file",
             "name": "wdsync.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "John"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 8384,
             "dst_port": 60858,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 5692,
             "name": "wdsync.exe",
             "created": "2019-11-16T12:58:11.271Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--09b66634-1458-407c-a7aa-6cc04eff73c7",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.091Z",
         "modified": "2020-01-08T21:16:41.091Z",
         "first_observed": "2019-11-16T12:58:45.354Z",
         "last_observed": "2019-11-16T12:58:45.354Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "239.255.255.250"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.169"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 1900,
             "dst_port": 60000,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1728,
             "name": "svchost.exe",
             "created": "2019-11-16T12:58:45.354Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--4d2a1cf5-4f68-4c85-a821-7da965a7bdca",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.096Z",
         "modified": "2020-01-08T21:16:41.096Z",
         "first_observed": "2019-11-16T12:59:08.823Z",
         "last_observed": "2019-11-16T12:59:08.823Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "SYSTEM"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "192.168.1.156"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60859,
             "dst_port": 47413,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 1380,
             "name": "svchost.exe",
             "created": "2019-11-16T12:59:08.823Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--687d5a1e-9b5f-4395-9f4c-a1ef27cb4222",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.102Z",
         "modified": "2020-01-08T21:16:41.102Z",
         "first_observed": "2019-11-16T12:59:08.839Z",
         "last_observed": "2019-11-16T12:59:08.839Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:6cba:509b:55b2:f1be"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 52203,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:59:08.839Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--c8dc187a-6724-4095-9311-f980e713fe7d",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.107Z",
         "modified": "2020-01-08T21:16:41.107Z",
         "first_observed": "2019-11-16T12:59:08.839Z",
         "last_observed": "2019-11-16T12:59:08.839Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:5d67:4a8:1e69:54d8"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 52203,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:59:08.839Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--d5bfc17b-f24b-4fb3-9cb4-6a9934d274ed",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.112Z",
         "modified": "2020-01-08T21:16:41.112Z",
         "first_observed": "2019-11-16T12:59:08.845Z",
         "last_observed": "2019-11-16T12:59:08.845Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:0:c"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:950c:ff99:129:5107"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 3702,
             "dst_port": 52428,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1728,
             "name": "svchost.exe",
             "created": "2019-11-16T12:59:08.845Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--0921ab4d-7059-436b-83f2-72c571cccfd5",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.121Z",
         "modified": "2020-01-08T21:16:41.121Z",
         "first_observed": "2019-11-16T12:59:08.939Z",
         "last_observed": "2019-11-16T12:59:08.939Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:44c4:b323:9802:9228"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 52203,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:59:08.939Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--3916cf99-1dc6-4d16-8606-3a5ea2f9c5a9",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.127Z",
         "modified": "2020-01-08T21:16:41.127Z",
         "first_observed": "2019-11-16T12:59:08.939Z",
         "last_observed": "2019-11-16T12:59:08.939Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv6-addr",
             "value": "ff02:0:0:0:0:0:1:3"
           },
           "4": {
             "type": "ipv6-addr",
             "value": "fe80:0:0:0:9da5:8c7f:8185:8de6"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 5355,
             "dst_port": 52203,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:59:08.939Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--583356c9-740d-40ad-aa02-b98835118c9a",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.146Z",
         "modified": "2020-01-08T21:16:41.146Z",
         "first_observed": "2019-11-16T12:59:11.273Z",
         "last_observed": "2019-11-16T12:59:11.273Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Program Files\\WD Desktop App"
           },
           "1": {
             "type": "file",
             "name": "wdsync-inotify.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "John"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60860,
             "dst_port": 8384,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 7416,
             "name": "wdsync-inotify.exe",
             "created": "2019-11-16T12:59:11.273Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--072ab8e7-4571-42bc-9c01-5d4a6c20f284",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.151Z",
         "modified": "2020-01-08T21:16:41.151Z",
         "first_observed": "2019-11-16T12:59:11.273Z",
         "last_observed": "2019-11-16T12:59:11.273Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Program Files\\WD Desktop App"
           },
           "1": {
             "type": "file",
             "name": "wdsync.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "John"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 8384,
             "dst_port": 60860,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 5692,
             "name": "wdsync.exe",
             "created": "2019-11-16T12:59:11.273Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--af37a615-7286-4d45-80d3-4cff349d2a7b",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.157Z",
         "modified": "2020-01-08T21:16:41.157Z",
         "first_observed": "2019-11-16T12:59:11.449Z",
         "last_observed": "2019-11-16T12:59:11.449Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "127.0.0.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 60861,
             "dst_port": 5357,
             "protocols": ["tcp"]
           },
           "6": {
             "type": "process",
             "pid": 1352,
             "name": "svchost.exe",
             "created": "2019-11-16T12:59:11.449Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--aa498f89-917b-4634-adda-46a373536ea7",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.132Z",
         "modified": "2020-01-08T21:16:41.132Z",
         "first_observed": "2019-11-16T12:59:17.034Z",
         "last_observed": "2019-11-16T12:59:17.034Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\SysWOW64"
           },
           "1": {
             "type": "file",
             "hashes": {
               "MD5": "ad7b9c14083b52bc532fba5948342b98"
             },
             "name": "cmd.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "John"
           },
           "3": {
             "type": "directory",
             "path": "C:\\Program Files (x86)\\Western Digital\\Discovery\\Current"
           },
           "4": {
             "type": "file",
             "name": "WD Discovery.exe",
             "parent_directory_ref": "3"
           },
           "5": {
             "type": "process",
             "pid": 6164,
             "name": "WD Discovery.exe",
             "command_line": "\"C:\\Program Files (x86)\\Western Digital\\Discovery\\Current\\WD Discovery.exe\" --autolaunch",
             "binary_ref": "4"
           },
           "6": {
             "type": "process",
             "pid": 10468,
             "name": "cmd.exe",
             "created": "2019-11-16T12:59:17.034Z",
             "command_line": "C:\\Windows\\system32\\cmd.exe /d /s /c \"wmic logicaldisk get size,freespace,caption\"",
             "creator_user_ref": "2",
             "binary_ref": "1",
             "parent_ref": "5"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--8bd56d1d-622a-4360-bf06-aab05323c02c",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.139Z",
         "modified": "2020-01-08T21:16:41.139Z",
         "first_observed": "2019-11-16T12:59:17.131Z",
         "last_observed": "2019-11-16T12:59:17.131Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "hashes": {
               "MD5": "3eb5f7cf5b46fc7dcfc747d2c8e3348f"
             },
             "name": "conhost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "hamedminaee"
           },
           "3": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "4": {
             "type": "file",
             "name": "csrss.exe",
             "parent_directory_ref": "3"
           },
           "5": {
             "type": "process",
             "pid": 3348,
             "name": "csrss.exe",
             "command_line": "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16",
             "binary_ref": "4"
           },
           "6": {
             "type": "process",
             "pid": 4700,
             "name": "conhost.exe",
             "created": "2019-11-16T12:59:17.131Z",
             "command_line": "\\??\\C:\\Windows\\system32\\conhost.exe \"-433543148-1035495734509471520-379168314-1724229305-1450954778-848090721-1747192425\"",
             "creator_user_ref": "2",
             "binary_ref": "1",
             "parent_ref": "5"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--527bc614-82f6-4a5c-967f-be1f302ae728",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.166Z",
         "modified": "2020-01-08T21:16:41.166Z",
         "first_observed": "2019-11-16T12:59:17.233Z",
         "last_observed": "2019-11-16T12:59:17.233Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\SysWOW64\\wbem"
           },
           "1": {
             "type": "file",
             "hashes": {
               "MD5": "a03cf3838775e0801a0894c8bacd2e56"
             },
             "name": "WMIC.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "John"
           },
           "3": {
             "type": "directory",
             "path": "C:\\Windows\\SysWOW64"
           },
           "4": {
             "type": "file",
             "name": "cmd.exe",
             "parent_directory_ref": "3"
           },
           "5": {
             "type": "process",
             "pid": 10468,
             "name": "cmd.exe",
             "command_line": "C:\\Windows\\system32\\cmd.exe /d /s /c \"wmic logicaldisk get size,freespace,caption\"",
             "binary_ref": "4"
           },
           "6": {
             "type": "process",
             "pid": 8776,
             "name": "WMIC.exe",
             "created": "2019-11-16T12:59:17.233Z",
             "command_line": "wmic  logicaldisk get size,freespace,caption",
             "creator_user_ref": "2",
             "binary_ref": "1",
             "parent_ref": "5"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--b628a2da-1574-49c4-ad05-9e2ac4ca7dbc",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.180Z",
         "modified": "2020-01-08T21:16:41.180Z",
         "first_observed": "2019-11-16T12:59:25.392Z",
         "last_observed": "2019-11-16T12:59:25.392Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "239.255.255.250"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 1900,
             "dst_port": 42735,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1728,
             "name": "svchost.exe",
             "created": "2019-11-16T12:59:25.392Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--4bbb99f1-b8f8-4b97-a987-d7ff6631f5ac",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.185Z",
         "modified": "2020-01-08T21:16:41.185Z",
         "first_observed": "2019-11-16T12:59:25.495Z",
         "last_observed": "2019-11-16T12:59:25.495Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "239.255.255.250"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 1900,
             "dst_port": 51240,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1728,
             "name": "svchost.exe",
             "created": "2019-11-16T12:59:25.495Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--dd6cf9ad-db18-47a9-8f14-9b1438752068",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.191Z",
         "modified": "2020-01-08T21:16:41.191Z",
         "first_observed": "2019-11-16T12:59:25.597Z",
         "last_observed": "2019-11-16T12:59:25.597Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "239.255.255.250"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 1900,
             "dst_port": 53287,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1728,
             "name": "svchost.exe",
             "created": "2019-11-16T12:59:25.597Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--17885a8c-b57e-404b-98b4-090a75e78fe2",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.196Z",
         "modified": "2020-01-08T21:16:41.196Z",
         "first_observed": "2019-11-16T12:59:25.7Z",
         "last_observed": "2019-11-16T12:59:25.7Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "239.255.255.250"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 1900,
             "dst_port": 36332,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1728,
             "name": "svchost.exe",
             "created": "2019-11-16T12:59:25.7Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--1718e202-4334-4f5d-8be9-f5442b1630f6",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.201Z",
         "modified": "2020-01-08T21:16:41.201Z",
         "first_observed": "2019-11-16T12:59:25.904Z",
         "last_observed": "2019-11-16T12:59:25.904Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "239.255.255.250"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 1900,
             "dst_port": 42391,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1728,
             "name": "svchost.exe",
             "created": "2019-11-16T12:59:25.904Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--38f991f0-2576-459b-b82a-093c45f460a9",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.207Z",
         "modified": "2020-01-08T21:16:41.207Z",
         "first_observed": "2019-11-16T12:59:26.007Z",
         "last_observed": "2019-11-16T12:59:26.007Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "239.255.255.250"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 1900,
             "dst_port": 32769,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1728,
             "name": "svchost.exe",
             "created": "2019-11-16T12:59:26.007Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--b2220f01-5b73-4e92-9d2d-a0493159c808",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.212Z",
         "modified": "2020-01-08T21:16:41.212Z",
         "first_observed": "2019-11-16T12:59:26.109Z",
         "last_observed": "2019-11-16T12:59:26.109Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "239.255.255.250"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 1900,
             "dst_port": 53957,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1728,
             "name": "svchost.exe",
             "created": "2019-11-16T12:59:26.109Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--14199d88-1595-4f9b-8313-5baaad19bcd7",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.217Z",
         "modified": "2020-01-08T21:16:41.217Z",
         "first_observed": "2019-11-16T12:59:26.158Z",
         "last_observed": "2019-11-16T12:59:26.158Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "239.255.255.250"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 1900,
             "dst_port": 59979,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1728,
             "name": "svchost.exe",
             "created": "2019-11-16T12:59:26.158Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--415adedf-e674-4529-9d3a-5d67ea0bb4c3",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.223Z",
         "modified": "2020-01-08T21:16:41.223Z",
         "first_observed": "2019-11-16T12:59:26.233Z",
         "last_observed": "2019-11-16T12:59:26.233Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "NETWORK SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "192.168.1.156"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 57588,
             "dst_port": 53,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1800,
             "name": "svchost.exe",
             "created": "2019-11-16T12:59:26.233Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }, {
         "type": "observed-data",
         "id": "observed-data--0729f362-604a-425a-9f8e-2362c4bc5234",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.228Z",
         "modified": "2020-01-08T21:16:41.228Z",
         "first_observed": "2019-11-16T12:59:26.274Z",
         "last_observed": "2019-11-16T12:59:26.274Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\System32"
           },
           "1": {
             "type": "file",
             "name": "svchost.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "LOCAL SERVICE"
           },
           "3": {
             "type": "ipv4-addr",
             "value": "239.255.255.250"
           },
           "4": {
             "type": "ipv4-addr",
             "value": "192.168.1.1"
           },
           "5": {
             "type": "network-traffic",
             "src_ref": "3",
             "dst_ref": "4",
             "src_port": 1900,
             "dst_port": 35364,
             "protocols": ["udp"]
           },
           "6": {
             "type": "process",
             "pid": 1728,
             "name": "svchost.exe",
             "created": "2019-11-16T12:59:26.274Z",
             "opened_connection_refs": ["5"],
             "creator_user_ref": "2",
             "binary_ref": "1"
           }
         }
       }
     ]`
   
   
   ## Expected Behaviour
   
   When I query the db like this: http://localhost:5984/uds_8c2e8fc97ff72e7c4189dc6ed0008927/_design/searchAll/_search/searchAll?q=*:*&limit%3D10
   I need to see the file.hashes.MD5 in the result, but I do not see it. However, as soon as you add another doc like this to the list:
   
   `{
         "type": "observed-data",
         "id": "observed-data--aa498f89-917b-4634-adda-46a373536ea7",
         "created_by_ref": "identity--5cd620db-2254-4aca-beb2-f80a4f90eaac",
         "created": "2020-01-08T21:16:41.132Z",
         "modified": "2020-01-08T21:16:41.132Z",
         "first_observed": "2019-11-16T12:59:17.034Z",
         "last_observed": "2019-11-16T12:59:17.034Z",
         "number_observed": 1,
         "objects": {
           "0": {
             "type": "directory",
             "path": "C:\\Windows\\SysWOW64"
           },
           "1": {
             "type": "file",
             "hashes": {
               "MD5": "ad7b9c14083b52bc532fba5948342b98"
             },
             "name": "cmd.exe",
             "parent_directory_ref": "0"
           },
           "2": {
             "type": "user-account",
             "user_id": "John"
           },
           "3": {
             "type": "directory",
             "path": "C:\\Program Files (x86)\\Western Digital\\Discovery\\Current"
           },
           "4": {
             "type": "file",
             "name": "WD Discovery.exe",
             "parent_directory_ref": "3"
           },
           "5": {
             "type": "process",
             "pid": 6164,
             "name": "WD Discovery.exe",
             "command_line": "\"C:\\Program Files (x86)\\Western Digital\\Discovery\\Current\\WD Discovery.exe\" --autolaunch",
             "binary_ref": "4"
           },
           "6": {
             "type": "process",
             "pid": 10468,
             "name": "cmd.exe",
             "created": "2019-11-16T12:59:17.034Z",
             "command_line": "C:\\Windows\\system32\\cmd.exe /d /s /c \"wmic logicaldisk get size,freespace,caption\"",
             "creator_user_ref": "2",
             "binary_ref": "1",
             "parent_ref": "5"
           }
         }
       }` 
   which has MD5 in it, then I can see:
   
   ![image](https://user-images.githubusercontent.com/52859974/87948253-d7966500-ca7a-11ea-869e-f3fc68f5c918.png)
   
   So to me it seems that when the index is widely used in most of the docs inserted into couch it is ok, but when a field only exists in a few of the docs inserted, the index is being ignored. Is that the right behaviour?

   ## Your Environment
   
   
   * CouchDB version used: 3.0.0
   * Browser name and version:
   * Operating system and version:
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [couchdb] janl closed issue #3013: Index function in couchdb design doc is reached but but the index is not emitted sometimes

Posted by GitBox <gi...@apache.org>.
janl closed issue #3013:
URL: https://github.com/apache/couchdb/issues/3013


   





[GitHub] [couchdb] janl commented on issue #3013: Index function in couchdb design doc is reached but but the index is not emitted sometimes

Posted by GitBox <gi...@apache.org>.
janl commented on issue #3013:
URL: https://github.com/apache/couchdb/issues/3013#issuecomment-663973262


   Heya, your index function is very complex. I tried to make sense of it, but failed after a good while. Would you be able to reduce this to a more concise example? My guess is that this is a byproduct of your indexing function, not CouchDB or Search behaviour.


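
A reduced search index function for documents shaped like the ones in the issue, as an added example that is not code from the thread or from CouchDB; it shows a guarded function beside an unguarded one when `hashes` exists on only some file objects. The field name `file.hashes.MD5` and the two trimmed sample documents come from the issue; `guardedIndex`, `unguardedIndex`, `runIndexer` and passing `index` in as a parameter are assumptions made so it runs under Node.

```javascript
// Added example. In a design doc the function takes only `doc` and index()
// is a server-provided global; it is a parameter here so it can be tested.

// Guarded: every optional level is checked before index() is called.
function guardedIndex(doc, index) {
  if (doc.type !== "observed-data" || !doc.objects) return;
  Object.keys(doc.objects).forEach(function (key) {
    var obj = doc.objects[key];
    if (!obj || obj.type !== "file") return;
    if (typeof obj.name === "string") {
      index("file.name", obj.name, { store: true });
    }
    var hashes = obj.hashes; // present on only a few file objects
    if (hashes && typeof hashes === "object") {
      Object.keys(hashes).forEach(function (alg) {
        if (typeof hashes[alg] === "string") {
          index("file.hashes." + alg, hashes[alg], { store: true });
        }
      });
    }
  });
}

// Unguarded contrast: dereferences hashes.MD5 on every file object.
function unguardedIndex(doc, index) {
  Object.keys(doc.objects).forEach(function (key) {
    var obj = doc.objects[key];
    if (obj.type === "file") {
      index("file.name", obj.name, { store: true });
      // Throws TypeError when obj.hashes is absent.
      index("file.hashes.MD5", obj.hashes.MD5, { store: true });
    }
  });
}

// Hypothetical local stand-in for the indexer. Assumption: a document whose
// index function throws contributes no fields at all. Only fields indexed
// with store: true are collected, mirroring what a search result returns.
function runIndexer(fn, docs) {
  var result = {};
  docs.forEach(function (doc) {
    var stored = {};
    try {
      fn(doc, function (name, value, opts) {
        if (typeof name !== "string" || value === undefined || value === null) {
          throw new TypeError("index() needs a field name and a value");
        }
        if (opts && opts.store) {
          (stored[name] = stored[name] || []).push(value);
        }
      });
      result[doc.id] = stored;
    } catch (err) {
      result[doc.id] = { error: err.message };
    }
  });
  return result;
}

// Sample input: two documents from the issue, trimmed to the relevant objects.
var SAMPLE_DOCS = [
  {
    type: "observed-data",
    id: "observed-data--072ab8e7-4571-42bc-9c01-5d4a6c20f284",
    objects: {
      "0": { type: "directory", path: "C:\\Program Files\\WD Desktop App" },
      "1": { type: "file", name: "wdsync.exe", parent_directory_ref: "0" }
    }
  },
  {
    type: "observed-data",
    id: "observed-data--aa498f89-917b-4634-adda-46a373536ea7",
    objects: {
      "0": { type: "directory", path: "C:\\Windows\\SysWOW64" },
      "1": {
        type: "file",
        hashes: { MD5: "ad7b9c14083b52bc532fba5948342b98" },
        name: "cmd.exe",
        parent_directory_ref: "0"
      },
      "4": { type: "file", name: "WD Discovery.exe", parent_directory_ref: "3" }
    }
  }
];

console.log(JSON.stringify(runIndexer(guardedIndex, SAMPLE_DOCS), null, 2));
console.log(JSON.stringify(runIndexer(unguardedIndex, SAMPLE_DOCS), null, 2));
```

With the unguarded variant, the document that does carry an MD5 also fails in this harness, because its second file object has no `hashes`.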