644600x800000000000000015708989Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-04 17:37:04.640C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\npf.sysMD5=DE7FCC77F4A503AF4CA6A47D49B3713D,SHA256=4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6trueRiverbed Technology, Inc.Valid 644600x800000000000000015489327Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-04 13:59:42.462C:\Windows\System32\drivers\fileinfo.sysMD5=78A210DDFDF2C9EC884631D2DAA573F0,SHA256=5D39C6EF4AC690A9749EEDBE2478FFF15A22877A2861EDA103C7BF1607B0C1BDtrueMicrosoft WindowsValid 644600x800000000000000015433907Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-04 13:06:29.885C:\Windows\System32\drivers\fileinfo.sysMD5=78A210DDFDF2C9EC884631D2DAA573F0,SHA256=5D39C6EF4AC690A9749EEDBE2478FFF15A22877A2861EDA103C7BF1607B0C1BDtrueMicrosoft WindowsValid 644600x800000000000000012763155Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-02 12:46:32.116C:\Windows\System32\drivers\fileinfo.sysMD5=78A210DDFDF2C9EC884631D2DAA573F0,SHA256=5D39C6EF4AC690A9749EEDBE2478FFF15A22877A2861EDA103C7BF1607B0C1BDtrueMicrosoft WindowsValid 644600x800000000000000011301414Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:08:39.998C:\Windows\System32\drivers\mmcss.sysMD5=435828B5476CD086927397728E53C37A,SHA256=519D35541AE6DA1FB4ED7AC0B3CC413C639D14F50B7489F1E1400CE0AC9AED3EtrueMicrosoft WindowsValid 644600x800000000000000011285826Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:08:31.651C:\Windows\System32\rdpudd.dllMD5=C37A137B8D82AE929124F94200E642B8,SHA256=A76310495EA89827D4C01C02DBC1DACDB54939328A7961B255B0902299AA48E0trueMicrosoft WindowsValid 644600x800000000000000011285825Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:08:31.650C:\Windows\System32\rdpudd.dllMD5=C37A137B8D82AE929124F94200E642B8,SHA256=A76310495EA89827D4C01C02DBC1DACDB54939328A7961B255B0902299AA48E0trueMicrosoft WindowsValid 644600x800000000000000011285628Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:08:31.436C:\Windows\System32\drivers\terminpt.sysMD5=06130AFFECEB94525FC2352936576B70,SHA256=10EBE2C8FDC087D29E2FFB328F0F7905A5374AB8CC9FAE8699E7676DBC8CBF91trueMicrosoft WindowsValid 644600x800000000000000011272734Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:25.539C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\npf.sysMD5=DE7FCC77F4A503AF4CA6A47D49B3713D,SHA256=4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6trueRiverbed Technology, Inc.Valid 644600x800000000000000011269911Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:22.821C:\Windows\System32\drivers\fileinfo.sysMD5=78A210DDFDF2C9EC884631D2DAA573F0,SHA256=5D39C6EF4AC690A9749EEDBE2478FFF15A22877A2861EDA103C7BF1607B0C1BDtrueMicrosoft WindowsValid 644600x800000000000000011262897Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:15.842C:\Windows\System32\drivers\tcpipreg.sysMD5=CA1B323B05B6BE8452B0CC8AAB862303,SHA256=2F8A6B2762673DC98BD0CE4D081F2132F0D20EAA645B284C024B394A95B290FBtrueMicrosoft WindowsValid 644600x800000000000000011262844Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:15.838C:\Windows\System32\drivers\srv.sysMD5=E58C798BF6E7B2141E45284C9DC3FC2C,SHA256=396797D15455AACD691AA22F53CE06E693431376CE4CCC378AB4F57BB76948B9trueMicrosoft WindowsValid 644600x800000000000000011262752Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:15.831C:\Windows\System32\drivers\combroker.sysMD5=69BE2867B2686C7686174EB9D65D1814,SHA256=F8A8C8B95FC9FFB00CBC467389030FB9D018F161D81C01FAA242698BE0B2A165trueCAPCOM Co.,Ltd.Valid 644600x800000000000000011262726Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:15.828C:\Windows\System32\drivers\mrxsmb10.sysMD5=310012CF616A054DDAA31A54C882EFC5,SHA256=9C320CEF1220F1704D48E1B37E080FE38ED6FBC9F10D37AE58F8BEF1754EF42BtrueMicrosoft WindowsValid 644600x800000000000000011262635Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:15.821C:\Windows\System32\drivers\PEAuth.sysMD5=964566192FE35299FBB6918E5313B128,SHA256=0C4E7262C0D2A5FF258E92F7765682D42B008627764BB3799BDB286C6D1D0E7DtrueMicrosoft WindowsValid 644600x800000000000000011262383Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:15.779C:\Windows\System32\drivers\http.sysMD5=AE04E028AB9C2A852C3EDBEBCDD9F996,SHA256=E7477D786885380F946CDE583E6955A32618BD8466F77C02B5B6FB8FF61032BCtrueMicrosoft WindowsValid 644600x800000000000000011258405Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:02.341C:\Windows\System32\drivers\tunnel.sysMD5=79E264287F17D56D768440B0270466DE,SHA256=ABF9DC95C5E939B30BFD9BF9EDFDB3BD78A9DFCB055B945965303B6A60E6D7A7trueMicrosoft WindowsValid 644600x800000000000000011258036Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:02.310C:\Windows\System32\drivers\condrv.sysMD5=44EEEB2382F566999287E13F2067693C,SHA256=53A4A0C85EAD38030FF2078C67465E3710ECD03A08FF34E1E67B2E3E1CC70043trueMicrosoft WindowsValid 644600x800000000000000011256468Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:02.138C:\Windows\System32\drivers\srv2.sysMD5=8B950E8DAC1C4BD68EAA845D1D48D393,SHA256=DFF482762B053C7A88A0E2D93B43B4F7AAD197269DE44242EC119948C8F1207EtrueMicrosoft WindowsValid 644600x800000000000000011256371Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:02.138C:\Windows\System32\drivers\srvnet.sysMD5=E0DC3AA99113CF1A3DFC3DAC2337AF79,SHA256=5688CB30413DB20ADAA1FE1FF5960F02B13A0E6920E95EBD7205CC0CC1CE499FtrueMicrosoft WindowsValid 644600x800000000000000011255971Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:02.107C:\Windows\System32\drivers\mpsdrv.sysMD5=D93DD425F6C4FDC92F1EFC5F657B99AD,SHA256=8EF248C8D2B1E79E62F9AC873B72A0BA3DCB3627D68512D231C5AD8C679DE850trueMicrosoft WindowsValid 644600x800000000000000011255787Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:02.107C:\Windows\System32\drivers\mrxsmb20.sysMD5=A139393E81E1EE5F1A4773E9E4B9D000,SHA256=2745536EEBCAD12724D80BBC915F4EE200AE6413343B163C85B65120C1708D95trueMicrosoft WindowsValid 644600x800000000000000011255713Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:02.091C:\Windows\System32\drivers\mrxsmb.sysMD5=14DEFCBD6964944B19351183983E2FA1,SHA256=AD884855D5C16CA3274E24AF7E9C0405744867BC455E29031928F75050DE5BBDtrueMicrosoft WindowsValid 644600x800000000000000011255599Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:02.091C:\Windows\System32\drivers\bowser.sysMD5=48B884B07EF83AD57D89A61BFA975C48,SHA256=58C127A56BEACE59C10D6463934B7378775BBA7928187052A44EBE6466181C3CtrueMicrosoft WindowsValid 644600x800000000000000011255118Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:02.060C:\Windows\System32\drivers\rdpdr.sysMD5=40E7E17DC93F043808BD6163537F1853,SHA256=C4497F5796721CF0ED8B880745F400979035436C447B8ACEACC4597D0BA3EBECtrueMicrosoft WindowsValid 644600x800000000000000011254897Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:02.044C:\Windows\System32\drivers\mslldp.sysMD5=642CDE46351D5D2D90311E77072AB46D,SHA256=B2D3033E607BA2F6E6B9CFB1CBF154CD0CE910EA473C56343EC81B9B94044CCAtrueMicrosoft WindowsValid 644600x800000000000000011254737Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:02.044C:\Windows\System32\drivers\rspndr.sysMD5=5FF28F097C9699097B473F8FC7C1AA7D,SHA256=695560F1DBD85073F3D6CB1FF16F16504CA044EA62E940E463A16BBA8B86E2FAtrueMicrosoft WindowsValid 644600x800000000000000011254641Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:02.028C:\Windows\System32\drivers\lltdio.sysMD5=5933A6673F00D8255C52957E40C2D601,SHA256=0AA1281F8B3F97E360592D1B35EE7D3D614F1AB46007F9884CFFB1C5E647575EtrueMicrosoft WindowsValid 644600x800000000000000011254239Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:01.997C:\Windows\System32\drivers\registry.sysMD5=EEC3A4A98AE1A337E3CD1483AD6F2E15,SHA256=764DA329984A95E092F5C15116DA34FA7FC27216C0862365D4BF10ADC97EC5C5trueMicrosoft WindowsValid 644600x800000000000000011254187Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:01.997C:\Windows\System32\drivers\storqosflt.sysMD5=4A0E52743C703DF6D6F031E828D54E6E,SHA256=FA99B46475DA5BBE0543BC662BD3D3AB69330D74E6F8B336BE63BFE8208EB37BtrueMicrosoft WindowsValid 644600x800000000000000011254092Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:01.997C:\Windows\System32\drivers\wcifs.sysMD5=188312034D67E20FA60BD3382004BBE3,SHA256=3168377E95B74D445251FEF339802BCDBAAFE3E4B6F77BF005E81DC622A11FE5trueMicrosoft WindowsValid 644600x800000000000000011253493Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:01.950C:\Windows\System32\drivers\luafv.sysMD5=80F000C39A0AE56EA4A414DB5BCF7D4A,SHA256=AAC6CF9209803DC0514A08C4E9A5AAF7C72ED6A4DAB65F5B84BDD25988B1A24CtrueMicrosoft WindowsValid 644600x800000000000000011253348Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 14:00:01.935C:\Windows\System32\drivers\rdpvideominiport.sysMD5=97A61A3CB2B5CB4FC32B3224EF333448,SHA256=E4F2E8BCEE3639BE57BBC8A8E67FDE42C3A5158F1204684B0ECD216F4AA044A3trueMicrosoft WindowsValid 644600x800000000000000011248215Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:59.622C:\Windows\System32\cdd.dllMD5=239E89CB039EBEF24AFCF6E260CDB176,SHA256=3EF42FF594B9BDE4EFE03FDC54DF2AE1046316034901AD0E89ABF7B061750DC1trueMicrosoft WindowsValid 644600x800000000000000011248055Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:59.294C:\Windows\System32\tsddd.dllMD5=EF046B49E8F9C95B94DF8A125C1DFF6F,SHA256=62FD491573750D3D0EBAD74BBBF4933A0CED4F459E611AEB52939D93D3B66DBDtrueMicrosoft WindowsValid 644600x800000000000000011248051Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:59.294C:\Windows\System32\tsddd.dllMD5=EF046B49E8F9C95B94DF8A125C1DFF6F,SHA256=62FD491573750D3D0EBAD74BBBF4933A0CED4F459E611AEB52939D93D3B66DBDtrueMicrosoft WindowsValid 644600x800000000000000011248024Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:57.763C:\Windows\System32\drivers\dxgmms2.sysMD5=D6225E3235BD197147B06C9D9BCF660E,SHA256=8385B4FA3D9340244A129816EB41F0157E29AF2B061D08450FF21D3CFB37AFE2trueMicrosoft WindowsValid 644600x800000000000000011247995Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:57.763C:\Windows\System32\drivers\monitor.sysMD5=9CCCB7FC3EDADEBA461D78615A6011A6,SHA256=C120B58F25E8CCFD971EB78645C0682F367AD56DC15F2D8C1980CE75B04719DFtrueMicrosoft WindowsValid 644600x800000000000000011247834Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:57.716C:\Windows\System32\win32k.sysMD5=DED36E854BD35A60D058F7BD413CBC67,SHA256=EBD8C37C8136F470E741041618A69778AFEE56685543085D3EC2A33BBA822962trueMicrosoft WindowsValid 644600x800000000000000011247805Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:57.716C:\Windows\System32\win32kfull.sysMD5=C57836862D3479876F6DFC7FECE76E33,SHA256=860FB69DFF6324FC522F888455588B81764D7A07B0291DBFAA1CBD0B4B329EA9trueMicrosoft WindowsValid 644600x800000000000000011247749Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:57.700C:\Windows\System32\win32kbase.sysMD5=30C3033F90D75AA2A5E7C0BB4FE03E0F,SHA256=0051221AE10ECF5CF28607B45535E5577AA5EBDF3AC16E73D3D92C3ED67C12A1trueMicrosoft WindowsValid 644600x800000000000000011247713Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:57.685C:\Windows\System32\drivers\hidparse.sysMD5=A728652A33A4808996BDF08A4155A514,SHA256=143AF46CE457C07FC0381237A4DE9D034C5A00C6B05495CAC66736AF734F3918trueMicrosoft WindowsValid 644600x800000000000000011242402Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.388C:\Windows\System32\drivers\rdpbus.sysMD5=79A415E6FA915EFC00297DAB16EC2635,SHA256=47BB49F6D756214193D38A4AB182B541AAC180381C3111FF7F9B0AD4C44D8733trueMicrosoft WindowsValid 644600x800000000000000011242362Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.388C:\Windows\System32\drivers\swenum.sysMD5=505E0C40B5D0ADDCBB414640F59BD2E0,SHA256=DF4B5E65FE6FF2224F298A2A2FAC9B648C082DFF8463148633647580A9FAD34DtrueMicrosoft WindowsValid 644600x800000000000000011242319Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.388C:\Windows\System32\drivers\ks.sysMD5=6CFC1605CAED2E9D4239317C861698D8,SHA256=BABAE7DD4D43EC3F876B617A63239941225F1B2D882F95ECD58000FFB0F3FE19trueMicrosoft WindowsValid 644600x800000000000000011242132Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.372C:\Windows\System32\drivers\NdisVirtualBus.sysMD5=7340104C2BF2F126714F7CDE85E63610,SHA256=45B64EC6F3A4C43F7D74806789067658C6EF0D44D36B841F4D26E1EBC95AF66CtrueMicrosoft WindowsValid 644600x800000000000000011242057Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.372C:\Windows\System32\drivers\vmgencounter.sysMD5=9AC80016543E82D74E92006FF79F2EB3,SHA256=B58EDD676690F3A57473639F89E417929C304A759FC35EDCE48B885D9D3D1BD1trueMicrosoft WindowsValid 644600x800000000000000011241989Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.372C:\Windows\System32\drivers\amdppm.sysMD5=F96D1D392503AE5024531106EB9820FD,SHA256=E0288DE0EFD5BB07FDEA64B401C2E091FA386B4427D09EFA0094E06495507198trueMicrosoft WindowsValid 644600x800000000000000011241866Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.372C:\Windows\System32\drivers\ena.sysMD5=C593555FD929A6FA925129109C08FC65,SHA256=5ADD00C93BE0C3E978DA48DED964A54F730B40F98C72D3F6145D79E3BFE8364DtrueAmazon Web Services, Inc.Valid 644600x800000000000000011241780Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.357C:\Windows\System32\drivers\serenum.sysMD5=3FF478A8ED32A83C36581425F6282B6C,SHA256=787646A17098EA7CF36064D0A950C1D470D4A280C8C5AC40023D566E53860EAEtrueMicrosoft WindowsValid 644600x800000000000000011241727Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.357C:\Windows\System32\drivers\serial.sysMD5=92509187AA171A80521528B36F753E1D,SHA256=FE0DA272B8A155ECC161E99586C4AE7EE17B1C84BC330DA1566C83B8E03FA825trueMicrosoft WindowsValid 644600x800000000000000011241611Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.357C:\Windows\System32\drivers\parport.sysMD5=6B81BF7853D161DB8AC62CD8B9C2DE6B,SHA256=B2DC06D135FD2501217DDA7349556EB873309E02188D4C3901807BA24FAB30C7trueMicrosoft WindowsValid 644600x800000000000000011241525Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.341C:\Windows\System32\drivers\mouclass.sysMD5=27A07B2FB2E3057DA8DAEA4F25D843C7,SHA256=09D2B39E6B9AAEC879E5871DD6BCFF2AEF0B894F3B44649665A685F8B3CA6F27trueMicrosoft WindowsValid 644600x800000000000000011241497Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.341C:\Windows\System32\drivers\kbdclass.sysMD5=210808437570BDDEE71A43535E3A2D30,SHA256=EF5DE6EE4FF58F44CDE4D4E7F298ABBC9086EC05CC3AE4903060DA878115AC1EtrueMicrosoft WindowsValid 644600x800000000000000011241478Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.341C:\Windows\System32\drivers\i8042prt.sysMD5=B54B30992620C97230013A74461C8517,SHA256=CAF09BDCDD6DE2A39CB8AE2C65E6F8FE12D8E93D84BBEF6C6A98F872BF54A4E3trueMicrosoft WindowsValid 644600x800000000000000011241297Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.341C:\Windows\System32\drivers\umbus.sysMD5=DC460AAA18CA2342FBBFB2DF9B044472,SHA256=14D45E059C596AE97506D26705F248CA1C2269160B31A60341060E8A93146CBDtrueMicrosoft WindowsValid 644600x800000000000000011241243Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.325C:\Windows\System32\drivers\kdnic.sysMD5=813BA3EB2CE038F2A5382DDD75CAD60B,SHA256=99FA444027CAC247B54317730D54AB0C4C000AE076B97E47470FDA9834594312trueMicrosoft WindowsValid 644600x800000000000000011241161Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.325C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sysMD5=34C935AF2A414572B412B3556586D783,SHA256=912981B88B0796576ECCD5EBE0C4728EC02D5D6A96B039447DCBA59B2583F25EtrueMicrosoft WindowsValid 644600x800000000000000011241070Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.310C:\Windows\System32\drivers\ahcache.sysMD5=D4F8B7E3BAE2A50EF166346E6898ABD4,SHA256=E97059DF67A0850A7007268A4E10BE7EE7F899E5A6B5A2E773389652EAB5130EtrueMicrosoft WindowsValid 644600x800000000000000011240989Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.310C:\Windows\System32\drivers\dam.sysMD5=3BBD0073265DA6D3EFBA54B26E5D8236,SHA256=3C10C8BEC0D8AC41A3FBD589F41A83D6345C1FDD04B8B99063B2F5670CF10B18trueMicrosoft WindowsValid 644600x800000000000000011240974Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.310C:\Windows\System32\drivers\dfsc.sysMD5=B0DA125002BDCDDDF80603885BA2057A,SHA256=6ED4D7AA30DDD3FD5D7846B6FE77285B62D5DC039DAF15986F18311ED1B80119trueMicrosoft WindowsValid 644600x800000000000000011240853Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.294C:\Windows\System32\drivers\gpuenergydrv.sysMD5=7ACD8F69B5D6EC97E6D2C006E19BED88,SHA256=FC69214C9308EA64B88EF4C3C95800586DDBB44C8540846B79A161BAD8203B6EtrueMicrosoft WindowsValid 644600x800000000000000011240810Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.294C:\Windows\System32\drivers\mssmbios.sysMD5=0543BEFD41EC4D25C7F7CF36409CEC7D,SHA256=631622CFEC49952C0470531B23FFFFF483DC0EFFEF7A97B1179A600392C05DDDtrueMicrosoft WindowsValid 644600x800000000000000011240801Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.294C:\Windows\System32\drivers\npsvctrig.sysMD5=90F5DC9802AAA00CD0B6E2AD9E7FFADC,SHA256=71C0777829299DECA6ACD42F38802DBE3C29A42CFBD8A396F39DFA44D1F55B6CtrueMicrosoft WindowsValid 644600x800000000000000011240704Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.294C:\Windows\System32\drivers\nsiproxy.sysMD5=86677943316DB1C3A95977566247C93E,SHA256=5E660D2E2BE25486D7AB367C5F023789C65DFD602934E0422D51AD7425C22AE2trueMicrosoft WindowsValid 644600x800000000000000011240680Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.278C:\Windows\System32\drivers\rdbss.sysMD5=F1D3B57015EDFC77A7468FE03C21229D,SHA256=9C1596BB65EB76D24BB05557FEE7CA81161AFA32B192622E7D918AED611D5B8CtrueMicrosoft WindowsValid 644600x800000000000000011240668Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.278C:\Windows\System32\drivers\netbios.sysMD5=5D1513BD6430307C9DB86C6E351372ED,SHA256=D2AB709CF7CFA5B857B084AFC821914A975B7DDDCE154229981F19448973BD6DtrueMicrosoft WindowsValid 644600x800000000000000011240653Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.278C:\Windows\System32\drivers\pacer.sysMD5=C508D3F6E45FC4E17B1B1C222DFD9386,SHA256=99B7C868BB94473EEE9F0716879DE24DE81E00894E1C6397F1448CEE45DA5C58trueMicrosoft WindowsValid 644600x800000000000000011240645Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.263C:\Windows\System32\drivers\afd.sysMD5=FE173C8932FE4A00B26522ADD3068D34,SHA256=CD25C716EFA62C242E3439CBA243883F44562C900BD7569F83D4949A6D658F4AtrueMicrosoft WindowsValid 644600x800000000000000011240637Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.263C:\Windows\System32\drivers\netbt.sysMD5=D1C8EC9B711D23FF98564044C1DEBD00,SHA256=CB8BFE057687A29449C9829B1931329FDFB9428CC43A2A635A62AA3961611CE7trueMicrosoft WindowsValid 644600x800000000000000011240607Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.247C:\Windows\System32\drivers\tdx.sysMD5=5C372B10E550F4950AF9F78AF42721F5,SHA256=273D464AF9AE7BD97EEC7A676128BC83E354F15EFC39E4E620DD716C098E6B77trueMicrosoft WindowsValid 644600x800000000000000011240582Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.247C:\Windows\System32\drivers\tdi.sysMD5=23B5CD10B4DF20DB987568521917BB00,SHA256=658075C701189BE6EC0E9EE58CBDBA266839BAA39359E5652FDC171023EA4D4FtrueMicrosoft WindowsValid 644600x800000000000000011240536Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.247C:\Windows\System32\drivers\msfs.sysMD5=B48F273744D705E2AECEB542EFB27BB3,SHA256=88266914C9D178AD0B45873600B08C5429F47C6C8BA222C4E1B5D17C718A5A5FtrueMicrosoft WindowsValid 644600x800000000000000011240495Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.232C:\Windows\System32\drivers\npfs.sysMD5=987754BAC22267570243547D27A0F018,SHA256=F69F588BFAF584D2A3C45B7DB19C6FCE48AF8B1258C5DA2D18F2D02AF3B9EFC1trueMicrosoft WindowsValid 644600x800000000000000011240474Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.232C:\Windows\System32\drivers\BasicRender.sysMD5=33C05FFEA1FB9C7DDE864EE986D8A47A,SHA256=20A67AD3FC3B0B92CF7CBF13E601A3DC5397BFCEBEC956D26EA7637F2964B913trueMicrosoft WindowsValid 644600x800000000000000011240458Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.232C:\Windows\System32\drivers\dxgkrnl.sysMD5=B93E6BEA64AD2F162791517985BB2C32,SHA256=5E9E2447FF17F570AB68758EDE432152A5D671781F7A09D01ACF8BD87830B4DCtrueMicrosoft WindowsValid 644600x800000000000000011240419Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.200C:\Windows\System32\drivers\BasicDisplay.sysMD5=94D6B95485BFA35D81524B0EBA0F7569,SHA256=14A32CD501B1D816526A75A9EB3782E6C4FF78831628F257050AD2BA73733F57trueMicrosoft WindowsValid 644600x800000000000000011240380Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.200C:\Windows\System32\drivers\watchdog.sysMD5=33D894AEB764646F9BA3249DB87705DF,SHA256=C41290C099C7234A023E5BE0F85F309127981256F6C09335118FDC8A35AAAA86trueMicrosoft WindowsValid 644600x800000000000000011240353Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.200C:\Windows\System32\drivers\null.sysMD5=6E6DD6F9DD2A034CF85E94047DBDB992,SHA256=63D0A0756F551B7668D1CBAB24B29FD462C706E8A81690BC248D6C92061FE215trueMicrosoft WindowsValid 644600x800000000000000011240281Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.200C:\Windows\System32\drivers\dfs.sysMD5=340CD6EC9DE7C86FFC97430EFA753502,SHA256=88897E835D1EACCF4277A592C82ED9486CD0A87CF107AB885E14C408CA09220BtrueMicrosoft WindowsValid 644600x800000000000000011240236Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.185C:\Windows\System32\drivers\filecrypt.sysMD5=0C499F7BEFA84398DDD79A7D1A9A23E4,SHA256=78364D374AC9342207E73D39D4DB894521E3F79A0A1042EF4CFA7A9EA391A7C9trueMicrosoft WindowsValid 644600x800000000000000011240136Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.185C:\Windows\System32\drivers\tbs.sysMD5=3F0DEF1B774130EF20DC016423D8F558,SHA256=E5085B8ED7F3BF44B2B0CBD5C3B0E6E7FEC9C2B8F9926939F5E8318A45CA4408trueMicrosoft WindowsValid 644600x800000000000000011240092Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.185C:\Windows\System32\drivers\cdrom.sysMD5=205985E2EBF2CE5AE7F2A56F721EF357,SHA256=538A4CB3F3B12704523A8CE01FE0AB8786BCAB118F5BE8F381F35C574AB22EF6trueMicrosoft WindowsValid 644600x800000000000000011239959Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:57.560C:\Windows\System32\drivers\AWSNVMe.sysMD5=1C33800763FA3CE32E32F7400F91C2D4,SHA256=B6023DA21D9078074C3FEB19C99EF24F9D3B7D4C7907434090CB60A722108BD1trueAmazon Web Services, Inc.Valid 644600x800000000000000011239958Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:57.560C:\Windows\System32\drivers\Diskdump.sysMD5=CB1D40B1914504E2BCB7D160A6E7EAE2,SHA256=81BF33ACEAD757EE9C46A16E6D96A35D5F6A90B8E9B88D3C350781ADAA5E53FDtrueMicrosoft WindowsValid 644600x800000000000000011239928Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.138C:\Windows\System32\drivers\AWSNVMe.sysMD5=1C33800763FA3CE32E32F7400F91C2D4,SHA256=B6023DA21D9078074C3FEB19C99EF24F9D3B7D4C7907434090CB60A722108BD1trueAmazon Web Services, Inc.Valid 644600x800000000000000011239736Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.138C:\Windows\System32\drivers\Diskdump.sysMD5=CB1D40B1914504E2BCB7D160A6E7EAE2,SHA256=81BF33ACEAD757EE9C46A16E6D96A35D5F6A90B8E9B88D3C350781ADAA5E53FDtrueMicrosoft WindowsValid 644600x800000000000000011239677Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-04-01 13:59:56.122C:\Windows\System32\drivers\crashdmp.sysMD5=3DFBB8B3F8BC0A91297030D0E530BA37,SHA256=F5F8ACC5DA4C923BABB2FCAEBDA8CE33356E8F86E9CF946047C3A1E05E472825trueMicrosoft WindowsValid 644600x80000000000000002126787Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-31 20:54:07.477C:\Windows\System32\drivers\combroker.sysMD5=69BE2867B2686C7686174EB9D65D1814,SHA256=F8A8C8B95FC9FFB00CBC467389030FB9D018F161D81C01FAA242698BE0B2A165trueCAPCOM Co.,Ltd.Valid 644600x80000000000000002121738Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-31 20:52:39.278C:\Windows\System32\drivers\combroker.sysMD5=69BE2867B2686C7686174EB9D65D1814,SHA256=F8A8C8B95FC9FFB00CBC467389030FB9D018F161D81C01FAA242698BE0B2A165trueCAPCOM Co.,Ltd.Valid 644600x80000000000000002071560Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-31 19:51:51.820C:\drivers\driver.sysMD5=73C98438AC64A68E88B7B0AFD11BA140,SHA256=DA6CA1FB539F825CA0F012ED6976BAF57EF9C70143B7A1E88B4650BF7A925E24trueCAPCOM Co.,Ltd.Valid 644600x80000000000000001773791Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-31 14:22:12.637C:\Windows\System32\drivers\fileinfo.sysMD5=78A210DDFDF2C9EC884631D2DAA573F0,SHA256=5D39C6EF4AC690A9749EEDBE2478FFF15A22877A2861EDA103C7BF1607B0C1BDtrueMicrosoft WindowsValid 644600x8000000000000000733437Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 18:34:57.428C:\Windows\System32\drivers\combroker.sysMD5=69BE2867B2686C7686174EB9D65D1814,SHA256=F8A8C8B95FC9FFB00CBC467389030FB9D018F161D81C01FAA242698BE0B2A165trueCAPCOM Co.,Ltd.Valid 644600x8000000000000000732360Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 18:34:27.206C:\Windows\System32\drivers\combroker.sysMD5=69BE2867B2686C7686174EB9D65D1814,SHA256=F8A8C8B95FC9FFB00CBC467389030FB9D018F161D81C01FAA242698BE0B2A165trueCAPCOM Co.,Ltd.Valid 644600x8000000000000000730753Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 18:33:35.718C:\Windows\System32\drivers\combroker.sysMD5=69BE2867B2686C7686174EB9D65D1814,SHA256=F8A8C8B95FC9FFB00CBC467389030FB9D018F161D81C01FAA242698BE0B2A165trueCAPCOM Co.,Ltd.Valid 644600x8000000000000000730270Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 18:33:08.672C:\Windows\System32\drivers\combroker.sysMD5=69BE2867B2686C7686174EB9D65D1814,SHA256=F8A8C8B95FC9FFB00CBC467389030FB9D018F161D81C01FAA242698BE0B2A165trueCAPCOM Co.,Ltd.Valid 644600x8000000000000000729837Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 18:32:48.976C:\Windows\System32\drivers\combroker.sysMD5=69BE2867B2686C7686174EB9D65D1814,SHA256=F8A8C8B95FC9FFB00CBC467389030FB9D018F161D81C01FAA242698BE0B2A165trueCAPCOM Co.,Ltd.Valid 644600x8000000000000000728585Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 18:32:10.577C:\Windows\System32\drivers\combroker.sysMD5=69BE2867B2686C7686174EB9D65D1814,SHA256=F8A8C8B95FC9FFB00CBC467389030FB9D018F161D81C01FAA242698BE0B2A165trueCAPCOM Co.,Ltd.Valid 644600x8000000000000000726503Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 18:31:00.408C:\Windows\System32\drivers\combroker.sysMD5=69BE2867B2686C7686174EB9D65D1814,SHA256=F8A8C8B95FC9FFB00CBC467389030FB9D018F161D81C01FAA242698BE0B2A165trueCAPCOM Co.,Ltd.Valid 644600x8000000000000000718769Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 18:27:50.378C:\Windows\System32\drivers\capcom.sysMD5=69BE2867B2686C7686174EB9D65D1814,SHA256=F8A8C8B95FC9FFB00CBC467389030FB9D018F161D81C01FAA242698BE0B2A165trueCAPCOM Co.,Ltd.Valid 644600x8000000000000000717874Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 18:27:22.531C:\Windows\System32\drivers\capcom.sysMD5=69BE2867B2686C7686174EB9D65D1814,SHA256=F8A8C8B95FC9FFB00CBC467389030FB9D018F161D81C01FAA242698BE0B2A165trueCAPCOM Co.,Ltd.Valid 644600x8000000000000000716626Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 18:26:40.545C:\Windows\System32\drivers\capcom.sysMD5=69BE2867B2686C7686174EB9D65D1814,SHA256=F8A8C8B95FC9FFB00CBC467389030FB9D018F161D81C01FAA242698BE0B2A165trueCAPCOM Co.,Ltd.Valid 644600x8000000000000000700009Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 18:12:25.714C:\Users\Administrator\Downloads\Capcom-Rootkit-master\Capcom-Rootkit-master\Driver\Capcom.sysMD5=73C98438AC64A68E88B7B0AFD11BA140,SHA256=DA6CA1FB539F825CA0F012ED6976BAF57EF9C70143B7A1E88B4650BF7A925E24trueCAPCOM Co.,Ltd.Valid 644600x8000000000000000626446Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 17:14:20.193C:\Windows\System32\drivers\fileinfo.sysMD5=78A210DDFDF2C9EC884631D2DAA573F0,SHA256=5D39C6EF4AC690A9749EEDBE2478FFF15A22877A2861EDA103C7BF1607B0C1BDtrueMicrosoft WindowsValid 644600x8000000000000000624307Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 17:14:16.150C:\Windows\System32\drivers\mmcss.sysMD5=435828B5476CD086927397728E53C37A,SHA256=519D35541AE6DA1FB4ED7AC0B3CC413C639D14F50B7489F1E1400CE0AC9AED3EtrueMicrosoft WindowsValid 644600x8000000000000000606132Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 17:14:06.886C:\Windows\System32\rdpudd.dllMD5=C37A137B8D82AE929124F94200E642B8,SHA256=A76310495EA89827D4C01C02DBC1DACDB54939328A7961B255B0902299AA48E0trueMicrosoft WindowsValid 644600x8000000000000000606128Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 17:14:06.886C:\Windows\System32\rdpudd.dllMD5=C37A137B8D82AE929124F94200E642B8,SHA256=A76310495EA89827D4C01C02DBC1DACDB54939328A7961B255B0902299AA48E0trueMicrosoft WindowsValid 644600x8000000000000000605943Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 17:14:06.730C:\Windows\System32\drivers\terminpt.sysMD5=06130AFFECEB94525FC2352936576B70,SHA256=10EBE2C8FDC087D29E2FFB328F0F7905A5374AB8CC9FAE8699E7676DBC8CBF91trueMicrosoft WindowsValid 644600x8000000000000000569111Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:25.119C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\npf.sysMD5=DE7FCC77F4A503AF4CA6A47D49B3713D,SHA256=4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6trueRiverbed Technology, Inc.Valid 644600x8000000000000000566504Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:22.700C:\Windows\System32\drivers\fileinfo.sysMD5=78A210DDFDF2C9EC884631D2DAA573F0,SHA256=5D39C6EF4AC690A9749EEDBE2478FFF15A22877A2861EDA103C7BF1607B0C1BDtrueMicrosoft WindowsValid 644600x8000000000000000558907Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:16.028C:\Windows\System32\drivers\srv.sysMD5=E58C798BF6E7B2141E45284C9DC3FC2C,SHA256=396797D15455AACD691AA22F53CE06E693431376CE4CCC378AB4F57BB76948B9trueMicrosoft WindowsValid 644600x8000000000000000558745Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:16.015C:\Windows\System32\drivers\tcpipreg.sysMD5=CA1B323B05B6BE8452B0CC8AAB862303,SHA256=2F8A6B2762673DC98BD0CE4D081F2132F0D20EAA645B284C024B394A95B290FBtrueMicrosoft WindowsValid 644600x8000000000000000558718Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:16.010C:\Windows\System32\drivers\mrxsmb10.sysMD5=310012CF616A054DDAA31A54C882EFC5,SHA256=9C320CEF1220F1704D48E1B37E080FE38ED6FBC9F10D37AE58F8BEF1754EF42BtrueMicrosoft WindowsValid 644600x8000000000000000558682Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:16.002C:\Windows\System32\drivers\PEAuth.sysMD5=964566192FE35299FBB6918E5313B128,SHA256=0C4E7262C0D2A5FF258E92F7765682D42B008627764BB3799BDB286C6D1D0E7DtrueMicrosoft WindowsValid 644600x8000000000000000558630Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:15.962C:\Windows\System32\drivers\http.sysMD5=AE04E028AB9C2A852C3EDBEBCDD9F996,SHA256=E7477D786885380F946CDE583E6955A32618BD8466F77C02B5B6FB8FF61032BCtrueMicrosoft WindowsValid 644600x8000000000000000554603Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:02.543C:\Windows\System32\drivers\tunnel.sysMD5=79E264287F17D56D768440B0270466DE,SHA256=ABF9DC95C5E939B30BFD9BF9EDFDB3BD78A9DFCB055B945965303B6A60E6D7A7trueMicrosoft WindowsValid 644600x8000000000000000554448Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:02.528C:\Windows\System32\drivers\condrv.sysMD5=44EEEB2382F566999287E13F2067693C,SHA256=53A4A0C85EAD38030FF2078C67465E3710ECD03A08FF34E1E67B2E3E1CC70043trueMicrosoft WindowsValid 644600x8000000000000000552912Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:02.372C:\Windows\System32\drivers\srv2.sysMD5=8B950E8DAC1C4BD68EAA845D1D48D393,SHA256=DFF482762B053C7A88A0E2D93B43B4F7AAD197269DE44242EC119948C8F1207EtrueMicrosoft WindowsValid 644600x8000000000000000552495Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:02.356C:\Windows\System32\drivers\srvnet.sysMD5=E0DC3AA99113CF1A3DFC3DAC2337AF79,SHA256=5688CB30413DB20ADAA1FE1FF5960F02B13A0E6920E95EBD7205CC0CC1CE499FtrueMicrosoft WindowsValid 644600x8000000000000000552388Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:02.340C:\Windows\System32\drivers\mpsdrv.sysMD5=D93DD425F6C4FDC92F1EFC5F657B99AD,SHA256=8EF248C8D2B1E79E62F9AC873B72A0BA3DCB3627D68512D231C5AD8C679DE850trueMicrosoft WindowsValid 644600x8000000000000000552279Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:02.325C:\Windows\System32\drivers\mrxsmb20.sysMD5=A139393E81E1EE5F1A4773E9E4B9D000,SHA256=2745536EEBCAD12724D80BBC915F4EE200AE6413343B163C85B65120C1708D95trueMicrosoft WindowsValid 644600x8000000000000000552169Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:02.325C:\Windows\System32\drivers\mrxsmb.sysMD5=14DEFCBD6964944B19351183983E2FA1,SHA256=AD884855D5C16CA3274E24AF7E9C0405744867BC455E29031928F75050DE5BBDtrueMicrosoft WindowsValid 644600x8000000000000000552035Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:02.309C:\Windows\System32\drivers\bowser.sysMD5=48B884B07EF83AD57D89A61BFA975C48,SHA256=58C127A56BEACE59C10D6463934B7378775BBA7928187052A44EBE6466181C3CtrueMicrosoft WindowsValid 644600x8000000000000000551596Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:02.293C:\Windows\System32\drivers\rdpdr.sysMD5=40E7E17DC93F043808BD6163537F1853,SHA256=C4497F5796721CF0ED8B880745F400979035436C447B8ACEACC4597D0BA3EBECtrueMicrosoft WindowsValid 644600x8000000000000000551544Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:02.293C:\Windows\System32\drivers\mslldp.sysMD5=642CDE46351D5D2D90311E77072AB46D,SHA256=B2D3033E607BA2F6E6B9CFB1CBF154CD0CE910EA473C56343EC81B9B94044CCAtrueMicrosoft WindowsValid 644600x8000000000000000551458Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:02.278C:\Windows\System32\drivers\rspndr.sysMD5=5FF28F097C9699097B473F8FC7C1AA7D,SHA256=695560F1DBD85073F3D6CB1FF16F16504CA044EA62E940E463A16BBA8B86E2FAtrueMicrosoft WindowsValid 644600x8000000000000000551391Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:02.278C:\Windows\System32\drivers\lltdio.sysMD5=5933A6673F00D8255C52957E40C2D601,SHA256=0AA1281F8B3F97E360592D1B35EE7D3D614F1AB46007F9884CFFB1C5E647575EtrueMicrosoft WindowsValid 644600x8000000000000000550917Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:02.247C:\Windows\System32\drivers\registry.sysMD5=EEC3A4A98AE1A337E3CD1483AD6F2E15,SHA256=764DA329984A95E092F5C15116DA34FA7FC27216C0862365D4BF10ADC97EC5C5trueMicrosoft WindowsValid 644600x8000000000000000550860Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:02.247C:\Windows\System32\drivers\storqosflt.sysMD5=4A0E52743C703DF6D6F031E828D54E6E,SHA256=FA99B46475DA5BBE0543BC662BD3D3AB69330D74E6F8B336BE63BFE8208EB37BtrueMicrosoft WindowsValid 644600x8000000000000000550698Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:02.247C:\Windows\System32\drivers\wcifs.sysMD5=188312034D67E20FA60BD3382004BBE3,SHA256=3168377E95B74D445251FEF339802BCDBAAFE3E4B6F77BF005E81DC622A11FE5trueMicrosoft WindowsValid 644600x8000000000000000549702Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:02.200C:\Windows\System32\drivers\luafv.sysMD5=80F000C39A0AE56EA4A414DB5BCF7D4A,SHA256=AAC6CF9209803DC0514A08C4E9A5AAF7C72ED6A4DAB65F5B84BDD25988B1A24CtrueMicrosoft WindowsValid 644600x8000000000000000549532Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:02.200C:\Windows\System32\drivers\rdpvideominiport.sysMD5=97A61A3CB2B5CB4FC32B3224EF333448,SHA256=E4F2E8BCEE3639BE57BBC8A8E67FDE42C3A5158F1204684B0ECD216F4AA044A3trueMicrosoft WindowsValid 644600x8000000000000000544961Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:00.465C:\Windows\System32\cdd.dllMD5=239E89CB039EBEF24AFCF6E260CDB176,SHA256=3EF42FF594B9BDE4EFE03FDC54DF2AE1046316034901AD0E89ABF7B061750DC1trueMicrosoft WindowsValid 644600x8000000000000000544821Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:00.403C:\Windows\System32\tsddd.dllMD5=EF046B49E8F9C95B94DF8A125C1DFF6F,SHA256=62FD491573750D3D0EBAD74BBBF4933A0CED4F459E611AEB52939D93D3B66DBDtrueMicrosoft WindowsValid 644600x8000000000000000544819Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:00.403C:\Windows\System32\tsddd.dllMD5=EF046B49E8F9C95B94DF8A125C1DFF6F,SHA256=62FD491573750D3D0EBAD74BBBF4933A0CED4F459E611AEB52939D93D3B66DBDtrueMicrosoft WindowsValid 644600x8000000000000000544790Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:00.372C:\Windows\System32\drivers\dxgmms2.sysMD5=D6225E3235BD197147B06C9D9BCF660E,SHA256=8385B4FA3D9340244A129816EB41F0157E29AF2B061D08450FF21D3CFB37AFE2trueMicrosoft WindowsValid 644600x8000000000000000544765Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:00.356C:\Windows\System32\drivers\monitor.sysMD5=9CCCB7FC3EDADEBA461D78615A6011A6,SHA256=C120B58F25E8CCFD971EB78645C0682F367AD56DC15F2D8C1980CE75B04719DFtrueMicrosoft WindowsValid 644600x8000000000000000544399Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:00.309C:\Windows\System32\win32k.sysMD5=DED36E854BD35A60D058F7BD413CBC67,SHA256=EBD8C37C8136F470E741041618A69778AFEE56685543085D3EC2A33BBA822962trueMicrosoft WindowsValid 644600x8000000000000000544332Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:00.294C:\Windows\System32\win32kfull.sysMD5=C57836862D3479876F6DFC7FECE76E33,SHA256=860FB69DFF6324FC522F888455588B81764D7A07B0291DBFAA1CBD0B4B329EA9trueMicrosoft WindowsValid 644600x8000000000000000544173Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:00.262C:\Windows\System32\win32kbase.sysMD5=30C3033F90D75AA2A5E7C0BB4FE03E0F,SHA256=0051221AE10ECF5CF28607B45535E5577AA5EBDF3AC16E73D3D92C3ED67C12A1trueMicrosoft WindowsValid 644600x8000000000000000544112Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:00.247C:\Windows\System32\drivers\hidparse.sysMD5=A728652A33A4808996BDF08A4155A514,SHA256=143AF46CE457C07FC0381237A4DE9D034C5A00C6B05495CAC66736AF734F3918trueMicrosoft WindowsValid 644600x8000000000000000538763Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.887C:\Windows\System32\drivers\rdpbus.sysMD5=79A415E6FA915EFC00297DAB16EC2635,SHA256=47BB49F6D756214193D38A4AB182B541AAC180381C3111FF7F9B0AD4C44D8733trueMicrosoft WindowsValid 644600x8000000000000000538730Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.887C:\Windows\System32\drivers\swenum.sysMD5=505E0C40B5D0ADDCBB414640F59BD2E0,SHA256=DF4B5E65FE6FF2224F298A2A2FAC9B648C082DFF8463148633647580A9FAD34DtrueMicrosoft WindowsValid 644600x8000000000000000538688Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.887C:\Windows\System32\drivers\ks.sysMD5=6CFC1605CAED2E9D4239317C861698D8,SHA256=BABAE7DD4D43EC3F876B617A63239941225F1B2D882F95ECD58000FFB0F3FE19trueMicrosoft WindowsValid 644600x8000000000000000538584Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.872C:\Windows\System32\drivers\NdisVirtualBus.sysMD5=7340104C2BF2F126714F7CDE85E63610,SHA256=45B64EC6F3A4C43F7D74806789067658C6EF0D44D36B841F4D26E1EBC95AF66CtrueMicrosoft WindowsValid 644600x8000000000000000538552Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.872C:\Windows\System32\drivers\vmgencounter.sysMD5=9AC80016543E82D74E92006FF79F2EB3,SHA256=B58EDD676690F3A57473639F89E417929C304A759FC35EDCE48B885D9D3D1BD1trueMicrosoft WindowsValid 644600x8000000000000000538516Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.872C:\Windows\System32\drivers\amdppm.sysMD5=F96D1D392503AE5024531106EB9820FD,SHA256=E0288DE0EFD5BB07FDEA64B401C2E091FA386B4427D09EFA0094E06495507198trueMicrosoft WindowsValid 644600x8000000000000000538482Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.856C:\Windows\System32\drivers\ena.sysMD5=C593555FD929A6FA925129109C08FC65,SHA256=5ADD00C93BE0C3E978DA48DED964A54F730B40F98C72D3F6145D79E3BFE8364DtrueAmazon Web Services, Inc.Valid 644600x8000000000000000538405Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.856C:\Windows\System32\drivers\serenum.sysMD5=3FF478A8ED32A83C36581425F6282B6C,SHA256=787646A17098EA7CF36064D0A950C1D470D4A280C8C5AC40023D566E53860EAEtrueMicrosoft WindowsValid 644600x8000000000000000538349Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.856C:\Windows\System32\drivers\serial.sysMD5=92509187AA171A80521528B36F753E1D,SHA256=FE0DA272B8A155ECC161E99586C4AE7EE17B1C84BC330DA1566C83B8E03FA825trueMicrosoft WindowsValid 644600x8000000000000000538233Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.856C:\Windows\System32\drivers\parport.sysMD5=6B81BF7853D161DB8AC62CD8B9C2DE6B,SHA256=B2DC06D135FD2501217DDA7349556EB873309E02188D4C3901807BA24FAB30C7trueMicrosoft WindowsValid 644600x8000000000000000538165Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.840C:\Windows\System32\drivers\mouclass.sysMD5=27A07B2FB2E3057DA8DAEA4F25D843C7,SHA256=09D2B39E6B9AAEC879E5871DD6BCFF2AEF0B894F3B44649665A685F8B3CA6F27trueMicrosoft WindowsValid 644600x8000000000000000538136Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.840C:\Windows\System32\drivers\kbdclass.sysMD5=210808437570BDDEE71A43535E3A2D30,SHA256=EF5DE6EE4FF58F44CDE4D4E7F298ABBC9086EC05CC3AE4903060DA878115AC1EtrueMicrosoft WindowsValid 644600x8000000000000000538105Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.840C:\Windows\System32\drivers\i8042prt.sysMD5=B54B30992620C97230013A74461C8517,SHA256=CAF09BDCDD6DE2A39CB8AE2C65E6F8FE12D8E93D84BBEF6C6A98F872BF54A4E3trueMicrosoft WindowsValid 644600x8000000000000000538034Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.840C:\Windows\System32\drivers\umbus.sysMD5=DC460AAA18CA2342FBBFB2DF9B044472,SHA256=14D45E059C596AE97506D26705F248CA1C2269160B31A60341060E8A93146CBDtrueMicrosoft WindowsValid 644600x8000000000000000538008Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.840C:\Windows\System32\drivers\kdnic.sysMD5=813BA3EB2CE038F2A5382DDD75CAD60B,SHA256=99FA444027CAC247B54317730D54AB0C4C000AE076B97E47470FDA9834594312trueMicrosoft WindowsValid 644600x8000000000000000537969Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.825C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sysMD5=34C935AF2A414572B412B3556586D783,SHA256=912981B88B0796576ECCD5EBE0C4728EC02D5D6A96B039447DCBA59B2583F25EtrueMicrosoft WindowsValid 644600x8000000000000000537923Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.825C:\Windows\System32\drivers\ahcache.sysMD5=D4F8B7E3BAE2A50EF166346E6898ABD4,SHA256=E97059DF67A0850A7007268A4E10BE7EE7F899E5A6B5A2E773389652EAB5130EtrueMicrosoft WindowsValid 644600x8000000000000000537909Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.809C:\Windows\System32\drivers\dam.sysMD5=3BBD0073265DA6D3EFBA54B26E5D8236,SHA256=3C10C8BEC0D8AC41A3FBD589F41A83D6345C1FDD04B8B99063B2F5670CF10B18trueMicrosoft WindowsValid 644600x8000000000000000537898Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.809C:\Windows\System32\drivers\dfsc.sysMD5=B0DA125002BDCDDDF80603885BA2057A,SHA256=6ED4D7AA30DDD3FD5D7846B6FE77285B62D5DC039DAF15986F18311ED1B80119trueMicrosoft WindowsValid 644600x8000000000000000537880Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.809C:\Windows\System32\drivers\gpuenergydrv.sysMD5=7ACD8F69B5D6EC97E6D2C006E19BED88,SHA256=FC69214C9308EA64B88EF4C3C95800586DDBB44C8540846B79A161BAD8203B6EtrueMicrosoft WindowsValid 644600x8000000000000000537871Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.809C:\Windows\System32\drivers\mssmbios.sysMD5=0543BEFD41EC4D25C7F7CF36409CEC7D,SHA256=631622CFEC49952C0470531B23FFFFF483DC0EFFEF7A97B1179A600392C05DDDtrueMicrosoft WindowsValid 644600x8000000000000000537864Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.809C:\Windows\System32\drivers\npsvctrig.sysMD5=90F5DC9802AAA00CD0B6E2AD9E7FFADC,SHA256=71C0777829299DECA6ACD42F38802DBE3C29A42CFBD8A396F39DFA44D1F55B6CtrueMicrosoft WindowsValid 644600x8000000000000000537857Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.794C:\Windows\System32\drivers\nsiproxy.sysMD5=86677943316DB1C3A95977566247C93E,SHA256=5E660D2E2BE25486D7AB367C5F023789C65DFD602934E0422D51AD7425C22AE2trueMicrosoft WindowsValid 644600x8000000000000000537832Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.794C:\Windows\System32\drivers\rdbss.sysMD5=F1D3B57015EDFC77A7468FE03C21229D,SHA256=9C1596BB65EB76D24BB05557FEE7CA81161AFA32B192622E7D918AED611D5B8CtrueMicrosoft WindowsValid 644600x8000000000000000537780Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.794C:\Windows\System32\drivers\netbios.sysMD5=5D1513BD6430307C9DB86C6E351372ED,SHA256=D2AB709CF7CFA5B857B084AFC821914A975B7DDDCE154229981F19448973BD6DtrueMicrosoft WindowsValid 644600x8000000000000000537732Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.794C:\Windows\System32\drivers\pacer.sysMD5=C508D3F6E45FC4E17B1B1C222DFD9386,SHA256=99B7C868BB94473EEE9F0716879DE24DE81E00894E1C6397F1448CEE45DA5C58trueMicrosoft WindowsValid 644600x8000000000000000537708Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.778C:\Windows\System32\drivers\afd.sysMD5=FE173C8932FE4A00B26522ADD3068D34,SHA256=CD25C716EFA62C242E3439CBA243883F44562C900BD7569F83D4949A6D658F4AtrueMicrosoft WindowsValid 644600x8000000000000000537689Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.778C:\Windows\System32\drivers\netbt.sysMD5=D1C8EC9B711D23FF98564044C1DEBD00,SHA256=CB8BFE057687A29449C9829B1931329FDFB9428CC43A2A635A62AA3961611CE7trueMicrosoft WindowsValid 644600x8000000000000000537647Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.762C:\Windows\System32\drivers\tdx.sysMD5=5C372B10E550F4950AF9F78AF42721F5,SHA256=273D464AF9AE7BD97EEC7A676128BC83E354F15EFC39E4E620DD716C098E6B77trueMicrosoft WindowsValid 644600x8000000000000000537642Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.762C:\Windows\System32\drivers\tdi.sysMD5=23B5CD10B4DF20DB987568521917BB00,SHA256=658075C701189BE6EC0E9EE58CBDBA266839BAA39359E5652FDC171023EA4D4FtrueMicrosoft WindowsValid 644600x8000000000000000537629Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.762C:\Windows\System32\drivers\msfs.sysMD5=B48F273744D705E2AECEB542EFB27BB3,SHA256=88266914C9D178AD0B45873600B08C5429F47C6C8BA222C4E1B5D17C718A5A5FtrueMicrosoft WindowsValid 644600x8000000000000000537621Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.762C:\Windows\System32\drivers\npfs.sysMD5=987754BAC22267570243547D27A0F018,SHA256=F69F588BFAF584D2A3C45B7DB19C6FCE48AF8B1258C5DA2D18F2D02AF3B9EFC1trueMicrosoft WindowsValid 644600x8000000000000000537604Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.747C:\Windows\System32\drivers\BasicRender.sysMD5=33C05FFEA1FB9C7DDE864EE986D8A47A,SHA256=20A67AD3FC3B0B92CF7CBF13E601A3DC5397BFCEBEC956D26EA7637F2964B913trueMicrosoft WindowsValid 644600x8000000000000000537595Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.747C:\Windows\System32\drivers\dxgkrnl.sysMD5=B93E6BEA64AD2F162791517985BB2C32,SHA256=5E9E2447FF17F570AB68758EDE432152A5D671781F7A09D01ACF8BD87830B4DCtrueMicrosoft WindowsValid 644600x8000000000000000537579Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.731C:\Windows\System32\drivers\BasicDisplay.sysMD5=94D6B95485BFA35D81524B0EBA0F7569,SHA256=14A32CD501B1D816526A75A9EB3782E6C4FF78831628F257050AD2BA73733F57trueMicrosoft WindowsValid 644600x8000000000000000537518Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.731C:\Windows\System32\drivers\watchdog.sysMD5=33D894AEB764646F9BA3249DB87705DF,SHA256=C41290C099C7234A023E5BE0F85F309127981256F6C09335118FDC8A35AAAA86trueMicrosoft WindowsValid 644600x8000000000000000537464Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.731C:\Windows\System32\drivers\null.sysMD5=6E6DD6F9DD2A034CF85E94047DBDB992,SHA256=63D0A0756F551B7668D1CBAB24B29FD462C706E8A81690BC248D6C92061FE215trueMicrosoft WindowsValid 644600x8000000000000000537408Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.731C:\Windows\System32\drivers\dfs.sysMD5=340CD6EC9DE7C86FFC97430EFA753502,SHA256=88897E835D1EACCF4277A592C82ED9486CD0A87CF107AB885E14C408CA09220BtrueMicrosoft WindowsValid 644600x8000000000000000537389Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:00.200C:\Windows\System32\drivers\AWSNVMe.sysMD5=1C33800763FA3CE32E32F7400F91C2D4,SHA256=B6023DA21D9078074C3FEB19C99EF24F9D3B7D4C7907434090CB60A722108BD1trueAmazon Web Services, Inc.Valid 644600x8000000000000000537366Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:32:00.200C:\Windows\System32\drivers\Diskdump.sysMD5=CB1D40B1914504E2BCB7D160A6E7EAE2,SHA256=81BF33ACEAD757EE9C46A16E6D96A35D5F6A90B8E9B88D3C350781ADAA5E53FDtrueMicrosoft WindowsValid 644600x8000000000000000537363Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.715C:\Windows\System32\drivers\filecrypt.sysMD5=0C499F7BEFA84398DDD79A7D1A9A23E4,SHA256=78364D374AC9342207E73D39D4DB894521E3F79A0A1042EF4CFA7A9EA391A7C9trueMicrosoft WindowsValid 644600x8000000000000000537258Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.715C:\Windows\System32\drivers\tbs.sysMD5=3F0DEF1B774130EF20DC016423D8F558,SHA256=E5085B8ED7F3BF44B2B0CBD5C3B0E6E7FEC9C2B8F9926939F5E8318A45CA4408trueMicrosoft WindowsValid 644600x8000000000000000537204Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:57.715C:\Windows\System32\drivers\cdrom.sysMD5=205985E2EBF2CE5AE7F2A56F721EF357,SHA256=538A4CB3F3B12704523A8CE01FE0AB8786BCAB118F5BE8F381F35C574AB22EF6trueMicrosoft WindowsValid 644600x8000000000000000537154Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:47.716C:\Windows\System32\drivers\AWSNVMe.sysMD5=1C33800763FA3CE32E32F7400F91C2D4,SHA256=B6023DA21D9078074C3FEB19C99EF24F9D3B7D4C7907434090CB60A722108BD1trueAmazon Web Services, Inc.Valid 644600x8000000000000000536955Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:47.716C:\Windows\System32\drivers\Diskdump.sysMD5=CB1D40B1914504E2BCB7D160A6E7EAE2,SHA256=81BF33ACEAD757EE9C46A16E6D96A35D5F6A90B8E9B88D3C350781ADAA5E53FDtrueMicrosoft WindowsValid 644600x8000000000000000536889Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-30 16:31:47.716C:\Windows\System32\drivers\crashdmp.sysMD5=3DFBB8B3F8BC0A91297030D0E530BA37,SHA256=F5F8ACC5DA4C923BABB2FCAEBDA8CE33356E8F86E9CF946047C3A1E05E472825trueMicrosoft WindowsValid 644600x80000000000000005178Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-128-2022-03-29 17:46:32.835C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\npf.sysMD5=DE7FCC77F4A503AF4CA6A47D49B3713D,SHA256=4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6,IMPHASH=CB86059F4B291991E735BECBD4C669CBtrueRiverbed Technology, Inc.Valid 644600x80000000000000002217Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-128-2022-03-29 17:44:10.966C:\Windows\System32\drivers\AWSNVMe.sysMD5=1C33800763FA3CE32E32F7400F91C2D4,SHA256=B6023DA21D9078074C3FEB19C99EF24F9D3B7D4C7907434090CB60A722108BD1,IMPHASH=CD93018539A11565D60D28DF18DCB293trueAmazon Web Services, Inc.Valid 644600x80000000000000001955Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-128-2022-03-29 17:44:09.951C:\Windows\System32\drivers\ena.sysMD5=C593555FD929A6FA925129109C08FC65,SHA256=5ADD00C93BE0C3E978DA48DED964A54F730B40F98C72D3F6145D79E3BFE8364D,IMPHASH=FB370D8374B216430C11D17F479694B1trueAmazon Web Services, Inc.Valid 644600x80000000000000001274Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-128-2022-03-29 17:44:09.763C:\Windows\System32\drivers\AWSNVMe.sysMD5=1C33800763FA3CE32E32F7400F91C2D4,SHA256=B6023DA21D9078074C3FEB19C99EF24F9D3B7D4C7907434090CB60A722108BD1,IMPHASH=CD93018539A11565D60D28DF18DCB293trueAmazon Web Services, Inc.Valid 644600x80000000000000005704Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-29 17:38:17.393C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\npf.sysMD5=DE7FCC77F4A503AF4CA6A47D49B3713D,SHA256=4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6,IMPHASH=CB86059F4B291991E735BECBD4C669CBtrueRiverbed Technology, Inc.Valid 644600x80000000000000003398Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-29 17:36:02.982C:\Windows\System32\drivers\AWSNVMe.sysMD5=1C33800763FA3CE32E32F7400F91C2D4,SHA256=B6023DA21D9078074C3FEB19C99EF24F9D3B7D4C7907434090CB60A722108BD1,IMPHASH=CD93018539A11565D60D28DF18DCB293trueAmazon Web Services, Inc.Valid 644600x80000000000000003397Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-29 17:36:01.935C:\Windows\System32\drivers\ena.sysMD5=C593555FD929A6FA925129109C08FC65,SHA256=5ADD00C93BE0C3E978DA48DED964A54F730B40F98C72D3F6145D79E3BFE8364D,IMPHASH=FB370D8374B216430C11D17F479694B1trueAmazon Web Services, Inc.Valid 644600x80000000000000003381Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-702.attackrange.local-2022-03-29 17:36:01.763C:\Windows\System32\drivers\AWSNVMe.sysMD5=1C33800763FA3CE32E32F7400F91C2D4,SHA256=B6023DA21D9078074C3FEB19C99EF24F9D3B7D4C7907434090CB60A722108BD1,IMPHASH=CD93018539A11565D60D28DF18DCB293trueAmazon Web Services, Inc.Valid